►
From YouTube: Security Release as part of the auto-deploy
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
B
B
Okay,
I
guess
you
can
see
my
screen
right,
yep
cool,
so
this
call
is
to
discuss
basically
two
things
rather
than
including
the
security
release
as
part
of
the
output
process.
How
to
deploy
process
and
I
would
like
to
start
with
our
current
setup.
So
right
now
we
have
canonical
with
love.com
security,
which
is
good
luck,
more
security
and
build,
and
we
are
protected.
B
Branches
from
canonical
are
being
push
mirror
to
security,
and
this
one
our
push
mirrors
to
build,
and
what
we
need
to
accomplish,
though,
is
that
for
security
branches,
to
continue
the
security
fixes
and
also
to
have
the
canonical
fixes,
and
also
they
also
deployed
to
continue
happening
on
canonical.
So
without
one.
Stopping
the
other
and
I
have
two
proposals
for
this
okay,
so
the
first
one
is
to
merge
the
protected
branches
not
to
mirror
them,
so
we
will
have
on
security.
B
Our
protectors,
branches,
on
security
are
going
to
be
perfect,
with
security,
slash
so
master,
become
security,
master,
stable
security,
stable
and
when
performing
a
security
release,
we
will
disable
mirroring
from
canonical
to
security,
and
we
will
start
merging
these
branches.
Every
X
minutes
and
I.
B
Think
this
will
allow
us
to
merge,
merge
request
into
the
city,
security
master,
ending
to
the
stable
branches
and
to
also
have
their
fixes
from
pannonica
lean-to
security,
and
once
we
are
ready
to
publish,
we
will
push
all
the
changes
from
security
into
our
remote,
and
there
are
some
more
details
like
in
between
these
steps.
But
I
am
just
talking
about
in
a
very
high
broad
scope,
just
to
try
to
set
the
fix
or
to
have
a
decision
into
our
setup,
because
I
think
this
is
the
hardest
point.
So
this
one
is
one.
B
C
B
Exactly
my
point:
it's
a
bit
rough,
but
just
something
to
think
about
it
and
the
other
one
which
I
think
it
is
a
bit
more
elegant.
It
is
like
selective
memory.
So
when
performing
a
security
release,
we
continue
with
the
push
mirroring.
We
still
have
the
same
set
of
security,
protected
branches,
protected
branches
on
security
are
prefixed
with
security,
and
we
activate
at
the
moment
of
perform
security
release.
We
activate
this
new
option.
Selective
mirroring
this
option
does
not
exist
at
the
moment.
A
I
just
need
to
interrupt
you
for
a
second.
Can
we
change
the
wording
and
not
use
security?
/
master
security,
/
whatever
deployed
there,
but
can
we
say
prefix
latch,
master,
prefix
/,
so
that
we
can
say
canonical
is
canonical.
Security
is
a
set
of
security
repositories.
Build
is
a
set
of
build
repositories
and
we
can
say:
branches
are
master,
prefixed,
master
or
auto.
Deploy
branch
start
to
deploy
branch
so
that
we
can
have
like
a
easier
way
to
follow
because
I'm
already
getting
lost.
Okay,
yeah.
B
C
B
Yeah
I
haven't
tried
the
mirroring,
but
based
on
the
documentation,
it
says
that
it
cannot
contain
the
remote
branch
cannot
contain
more
comets
than
the
source
branch
and
there
is
an
option
to
overwrite
those
changes
if
it
happens.
So
what
we
need
will
be
another
option
like
that.
Allow
us
to
continue
keep
pushing
the
changes
and
allow
us
to
have
different
commits
I,
don't
know
if
technically,
if
that
is
possible,
or
if
that
is
something
that
the
product
even
wants
to
consider.
A
B
It
will
keep
the
mirroring
from
breaking
continuing
if
we
are
going.
The
the
whole
purpose
of
this
is
to
deploy
the
security
fixes
in
two-bit
lab
comm
as
soon
as
they
are
ready.
So
we
can
try
to
get
left
protected
24/7,
but
if
the
Murie,
the
mirroring,
is
broken,
we
cannot
do
that
because
we
are
not
going
to
have
all
the
fixes
from
pannonica
into
security.
Yes,.
B
C
Think
it's
like
marrying
the
problem
becomes
say
we
merge
a
security
merger
quest
into
twelve
seven
stable
right
now
in
the
current
setup
we
can't
push
anything
because
twelve
seven
stables
diverged
in
the
you
selected
mirroring.
We
won't
merge
twelve
seven
stable
because
it's
diverged,
but
we
will
merge
everything
else,
but
I
think
if
we
start
merging
stuff
into
Auto
deploy
branches,
then
that
mirroring
stopped
working.
So
we
stopped
getting
the
latest
changes
from
canonical
I.
Think,
no
matter
what
it
sounds
like.
We
need
to
merge.
Yeah.
C
B
I
think
so,
but
as
soon
as
we
merge
fixes
into
the
perfect
auto
deploy
branch,
my
idea
was
to
modify
the
mirroring.
So
when
we
selectively
mirroring,
we
still,
even
if
those
branches
diverged
now
with
branches,
are
different
in
canonical
my
security,
the
mirror
is
not
going
to
break.
It
will
continue
to
push
changes.
A
C
A
A
Now,
like
that's,
that's
not
a
problem
on
its
own
right
like
we,
we
might
want
to
think
about
whether
it
makes
sense
to
go
through
that
whole
process
and
like
work
with
to
get
a
team
and
figure
out
or
not
to
create
team.
Whoever
is
responsible
for
this
to
create
mirroring
that
would
allow
us
to
merge
and
do
all
those
things,
but
that
becomes
a
much.
A
C
B
B
A
B
Yes,
but
we
will
keep
updated
the
prefix
ranches
with
the
merge,
so
what
I
want
to
accomplish
in
both
syrups
is
for
the
auto
deploy
processes
to
continue.
Even
if
we
are
performing
a
security
release
and
to
use
security
as
a
build,
so
we
can
build
and
deploy
from
security
with
the
security
fixes
once
they
are
merged.
A
This
case
say
we
have
a
situation,
can
you
scroll
up
yeah,
leave
it
there
current
setup,
so
we
have
push
mirroring
enabled
for
master
stable
branches.
Okay,
those
are
protected
branches
and
we
have
auto
deploy
branches
who
are
now
using
push
mirroring.
But
let's
talk
about
option
a
1
or
a
B
1,
whatever
you
want
to
call
it
like
a
mix
of
two
and
say
what,
if
we
say
that
auto
deploy,
branches
are
always
gonna,
be
using
merging
and
everything
else,
so
stable
branches,
including
master,
will
always
going
to
be
using
push
mirroring.
A
So
in
this
situation,
what
that
would
allow
us
to
do
is
we
would
be
able
to
continuously
receive
changes
into
the
canonical
auto
deploy
branches.
They
would
be
automatically
merged
into
the
security
auto
deploy
branch.
We
would
be
able
to
merge
things
into
security
or
to
deploy
branches
at
will
and
build.
We
will
just
get
the
propagated
changes
from
security.
A
C
C
A
C
B
A
Yeah,
so
just
just
just
one
thing:
the
reason
why
I'm
saying
this
is
I'm
already
getting
overwhelmed
with
the
amount
of
options
we
have
so
I'm,
focusing
on
one
case
only,
and
that
is
the
current
running
or
to
deploy
branch
at
any
time,
can
receive
updates,
which
would
mean
possibly
changing
the
process
so
that
you
know
like
folks,
instead
of
merging
into
master,
they
would
have
to
like
create
another
merge
request
that
would
go
into
Auto.
Deploy
like
let's
ignore
that
part
for
a
second
I'm
trying
to
just
like
that.
A
Visualize
in
like
understand
like
what
options
we
have
to
have
always
one
branch
ready
and
open
and
receiving
continuous
changes,
including
security
from
which
we
would
be
continuously
deploying
and
not
break
the
rest
of
the
process.
So,
for
example,
if
we
at
any
point
decide
then
okay,
we
are
ready
to
create
backwards
back
port
releases.
A
We
can
then
merge
in
all
of
this,
these
branches
like
stable
master
and
so
on,
but
then
at
that
point
push
mirroring
stops
right,
like
that
point,
push
mirroring
stops
because
branches
have
diverged
now,
but
we
still
have
the
line
open
with
auto
deploy
because
we
are
continuously
merging
there
and
we
are
not
depending
on
push
mirror.
Does
that
yeah?
Okay,
that
is
this
is
a
special
case.
This
is
not
a
B
or
C.
A
B
A
B
A
So
I'm
kind
of
now
trying
the
other
approach,
and
that
is
smaller,
even
smaller
than
this
okay.
So
the
problem
I'm
trying
to
resolve
right
now
is
finding
a
way
that
auto
deploy
branches
are
free-flowing
at
any
point
in
time
and
that
we
can
merge
at
will
both
in
canonical
and
security
and
still
have
built,
be
the
source
of
truth
for
our
deployment.
So.
B
A
A
C
C
A
B
C
A
C
A
A
C
C
A
A
So
there
is
another
option
that
we
might
have
not
consider,
and
that
is
what,
if
we
have
an
option
of
saying
that
prefixed
branches
with
a
certain
prefix
get
special
treatment,
so
whether
they're
mirrored
or
not
mirrored
so
what
we
could
do
theoretically
say.
Instead
of
having
the
name
of
the
branch
we
have
right
now,
which
is
version
or
to
deploy
times
them.
We
say
all
branches
that
have
auto
deploy,
slash,
so
that's
the
prefix
and
then
we
have
12
eighths
times.
Time
is
the
branch
we
wanna
use
and
then
we
say.
A
A
B
A
B
B
So
I
just
want
to
go
over
the
process,
assuming
that
the
whole
process
would
be
starting
with
a
security
development
process
is
that
the
bakken
engineer
opens
the
merge
request
in
master
with
picking
down
to
deploy
and
on
publish
labels.
The
mr
is
reviewed
by
the
maintainer
and
the
maintainer
approves
it,
and
then
in
that
moment
the
engineer
prepares,
the
three
bath
bursts
and
the
maintainer
merges
the
former
requests,
the
one
that
targets
master
and
the
bath
ports
and
then
on
the
outer
deploy
process
on
canonical
the
process
is
the
same.
B
They
auto
deploy
picker
fix
the
normal
fixes
in
canonical
into
the
auto
deploy
branch
and
continuous
with
the
deployer
pipeline,
and
that
process
stays
the
same
and
on
security.
The
auto
deploy
Pickers
fix
those
fixes,
the
security
fixes
in
the
security
on
polyploidy
branch
and
since
one
way
or
another,
the
auto
deploy
branch
from
canonical
is
contained
or
merge
into
the
prefix
runs
purity.
That
implies
that
they
only
fixes
from
canonical
insecurity
are
are
in
the
security
of
the
deploy
branch.
So
we
use
the
prefix
of
the
deploying
for
builds
and
on
packaging.
B
C
C
B
C
So
in
this
proposal
of
the
process,
we
are
regularly
merging
stuff
into
the
prefix
master
as
soon
as
it's
got
the
back
ports
and
there's
been
reviewing
all
that
stuff,
not
necessarily
when
we
are
ready
to
publish.
So
there
could
be
things
in
prefix
master
that
are
not
in
this
upcoming
security
release,
but
er
otherwise
ready
for
publication
yeah.
We
get
one
prefix
master
to
canonical
minister,
yes,.