x/build/cmd/releasebot: check that security branch is merged into release branch #34505
Labels
Builders
x/build issues (builders, bots, dashboards)
FrozenDueToAge
NeedsFix
The path to resolution is known, but the work has not been done.
Milestone
We recently changed how we handle point release branch management for bug fixes & security releases. We used to have one linear history in release branches and we had to land things in the correct order (security things only before a security release, and then land all bug fixes for non-security releases)
We've changed to land bug fixes on release branches immediately, and instead cutting security releases from the last release on its own branch.
There's the very real possibility now that humans'll be human and forget a step here and not merge the security branch into the release branch, resulting in a future bug fix release that removes the security fixes.
We should add a check for this in cmd/releasebot so we don't do this by accident.
/cc @andybons @dmitshur
The text was updated successfully, but these errors were encountered: