[ https://ovirt-jira.atlassian.net/browse/OVIRT-2078?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=36861#comment-36861 ] sbonazzo commented on OVIRT-2078: --------------------------------- User story: A researcher find a vulnerability in one of the oVirt packages. A CVE is opened and an embargo date is acknowledged between researcher, oVirt package maintainer and downstream vendors. Between report and embargo date, oVirt package maintainer must be able to push a patch to gerrit as a private patch, getting it reviewed by a restricted number of people and get it ready for being merged immediately on embargo lift, when the vulnerability will be disclosed to public, in order to issue an immediate release right after the merge.

Check option for private changes on Gerrit ------------------------------------------

Key: OVIRT-2078 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2078 Project: oVirt - virtualization made easy Issue Type: Task Reporter: eyal edri Assignee: infra Priority: High

We need an option sometimes to post private changes ( not draft ) to Gerrit, Gerrit has support for private changes [1], we should check if its available in current version. [1] https://gerrit-review.googlesource.com/Documentation/intro-user.html#private...

-- This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100087)