►
From YouTube: Discussing security release migration Part 2
B
A
A
B
So
I
think
this
was
related
to
merging
into
master,
because
we
want
to
ensure
that
at
the
same
time,
or
rather
that
security
merge
requests
are
no
different
to
regular,
merge
request
right
like
as
soon
as
they
reviewed,
merging
into
masteries
can
be
done,
and
then
the
only
thing
the
developer
needs
to
do
is
create
a
blackboard
merge
request.
Is
that
correct?
That's
what
we
discussed
previously?
Yes,.
A
B
So
the
reason
why
we
want
to
have
those
merge
requests
labeled
properly
is
because
at
any
point
in
time
there
might
be
items
that
are
not
ready
for
back
porting
they're,
not
gonna,
get
in
time
for
backward
release.
So
we
might
have
a
situation
where
master
at
that
moment
has
a
fix
for
something
that
is
being
released
later
on.
B
A
A
B
A
A
A
But
also
adding
a
complication,
but
you
mentioned
that
I,
don't
like
the
fact
that,
as
soon
as
that
first
murder
case
gets
merged
a
master,
then
those
branches
are
diverged
and
we're
we're
still
at
that
point
of
stopping
the
world.
Basically,
unless
we
figure
out
how
to
merge,
I
guess
yeah,
this
we're
back
to
the
merge
strain
conversation
right
where
stuff
pushed
to
canonical
master
or
triggers
and
merge
trained
security
master,
and
then
we
can't
rely
on
yeah.
B
A
A
B
A
A
A
A
A
B
A
A
B
A
A
But
yeah
I
don't
think,
there's
any
guarantee
that
we
can
say.
Security
fixes
are
only
developed
in
like
three
days
leading
up
to
a
security
release.
Right
stuff
gets
stuff
fast,
isn't
review
for
longer
than
we
intend
and
then
it
it
misses
that
window.
And
then
we
don't
want
to
wait
twenty
more
days
to
merge
this
thing.
I
mean
we
can,
but
then
that
defeats
the
purpose
of
right.
B
Doesn't
really
matter
at
all
all
right
if
that
doesn't
work?
What,
if
option
number
two,
we
say
our
main
concern
with
us
merging
code
and
then
like
slowly.
Getting
it
back
to
canonical
is
that
we
might
actually
have
a
rename
or
a
change
of
file
or
deletion
of
file.
Obviously,
that
would
mean
that
someone
is
building
on
top
of
something
that
already
does
not
exist.
B
What
if
we
say
that
inside
of
Security,
merge
requests,
danger,
checks
for
addition,
oh
sorry,
removal
of
a
file,
and
if
it
removes
the
file,
the
CI
pipeline
fails
with
a
notification
that
hey.
If
you
need
to
remove
a
file,
you
need
to
do
the
refactoring
first
in
canonical
that
way,
ensure
that
canonical
always
will
at
least
have
similar
files,
if
not
just
completely
the
same
content.
B
A
B
A
B
B
B
B
B
A
A
B
A
A
B
B
Cannot
even
focus
only
on
one
system,
so
let's
say
this
whole
process
that
we
are
talking
about.
If
you
just
focus
on
getting
this
thing
auto
deploy
to
calm,
then
the
rest
of
the
process
doesn't
work
for
self
man
is
released
and
if
you
only
focus
on
self
managed
to
release,
get
a
load
come,
we
will
always
be
behind,
which
is
already
complex
enough,
because
get
or
calm
gets
changes
much
much
much
much
faster.
B
B
A
B
Let's,
let's
say
for
the
sake
of
our
discussion
here:
we
don't
have
that
require
like
there
is
that's
not
going
to
happen,
yeah
it's
an
edge
case
for
sure
it's
an
edge
case.
Let's
say
it's
not
going
to
happen
and
if
it
does,
we
will
have
to
handle
it
on
that
case
on
the
case
/
case
basis,
would
that
system
unlock
us
enough
and
give
us
enough
time.
B
B
B
B
A
B
B
B
B
A
A
A
For
pick
into
auto,
deploy,
merge
requests,
those
are
still
open
against
canonical
master
release
tools,
text
for
the
label
and
for
those
merchants
that
have
been
merged
the
label,
it
picks
them
into
the
security
auto
deploy
branch
which
goes
to
build,
and
it's
still
out
of
the
plate
as
normal.
We
just
add
these
curry
prefix
for
that
tooling,
for
security
fixes.
That's
developed
against
the
secure
repository
with
merge
request
opened
against
security
master,
which
contains
the
latest
rage
from
canonical
master
and
possibly
other
changes.
A
Well,
once
security
of
Mars
of
merging
its
master
they're
deployed
production,
and
then
the
developer
does
back
for
it,
so
there's
twelve
tree
stable
and
all
those
backwards
yep
that
stuff
continues
as
normal
I
believe
mmm-hmm
yep,
because
those
are
just
stable
branches.
We
still
build
off
of
those.
B
A
B
B
B
B
B
A
B
B
Yeah
and
then
basically,
the
process
remains
the
same.
In
the
canonical
repository
people
will
merge
things
into
master,
they
will
apply
a
pic
into
auto
deploy
label,
and
then
we
will
use
the
same
thing
that
we
currently
have
in
our
release
tools:
only
insecurity
repository,
so
we
will
be
checking
for
peek
into
auto,
deploy
in
the
canonical,
but
we
will
actually
executing
commands
in
the
security.
B
B
A
Actually
like
this,
having
everything
in
this
closet
opens
up
confusion
where
we
have
normal
branches
and
prefix
branches
and
then
which
one
I'm
a
developer,
which
one
do
I
open
energy
quest
against.
Well
then,
we
have
to
add
some
like
either
or
all
of
like
a
merger
by
simple
a
danger.
Checking
bot
checking
I
can.
B
A
B
A
A
B
Master
is
the
only
one
we
cannot
do
this
in
so,
if
you're
saying
basically,
let's
having
the
canonical
repository
Auto
deploy
branches
like
we
have
them
right
now,
merging
to
them
and
then
have
merge,
train
merge
stuff
in
the
security
repositories
into
the
same
branch,
but
with
the
security
prefix.
Yes,
we
can
do
that
master
is
the
problem
here,
because
master
is
two-way.
B
Every
other
branch
can
be
one
way
only,
and
if
it's
not
one
way,
they
are
slow
enough
that
they
can
be
circular
right,
so
12:3
stable
can
go
into
from
canonical
security
and
then
from
security
to
build.
But
then
we
have
total
control
over
just
let's
sing
from
security
back
to
canonical.
So
it
is
completing
the
circle.