Developing security patches

This document outlines the process of developing a fix for security bugs. It is primarily for developers who are not often involved in the process, and it highlights the differences between patches for security issues and patches for other bugs.

If you are trying to deploy or release fixes for a security issue, you probably want:
 * How to deploy code - The canonical reference for deploying security patches on the WMF cluster
 * How to perform security fixes - A slightly dated guide to the WMF's deployment and release process

Creating a security patch
If you've found a security issue and are developing a patch, read on. This assumes that a task has been created in Phabricator.


 * 1) Ensure you can duplicate the issue in your local development environment, and make sure steps to reproduce the issue are documented in Phabricator.
 * 2) Fix the issue on the master branch of the appropriate repo.
 * 3) Ensure existing unit tests pass, and when possible, add unit tests that specifically test for the security issue.
 * 4) Create a local patch file; do not push into Gerrit for review!
 ** Prefix your commit message with "SECURITY:" (not "[SECURITY]", "Security", or the task number). This helps deployers quickly see which security patches have been applied on WMF's deployment server.
 ** Create the patch with <code>git format-patch --stdout HEAD~1 > T12345.patch</code>. In general, the filename should begin with the Phabricator task id. The patches are put in a single directory on WMF's deployment server prior to release, so putting the Phabricator task id in the name lets other users quickly look up the history of the patch.
 *** If the patch applies to a specific deployment branch, it's generally helpful to add the branch name into the filename, e.g., T12345-wfm8.patch, or T12345-REL1_24.patch.
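
A pre-upload check for the commit-prefix and filename conventions above, as an added example that is not part of the original page or of WMF's tooling. The function name <code>check_security_patch</code> and the characters accepted in the branch suffix are assumptions.

```bash
#!/usr/bin/env bash
# Added example: lint a patch file before attaching it to the task.
# check_security_patch is a hypothetical helper, not WMF tooling.

# Usage: check_security_patch FILE
# Prints each problem found; returns 0 only if FILE follows the conventions.
check_security_patch() {
    local file=$1 name subject rc=0
    name=$(basename -- "$file")
    if [ ! -f "$file" ]; then
        echo "$name: no such file"
        return 2
    fi

    # Filename: Phabricator task id first, then an optional -<branch> suffix.
    # The characters allowed in the suffix are an assumption.
    if ! printf '%s\n' "$name" | grep -Eq '^T[0-9]+(-[A-Za-z0-9_.]+)?\.patch$'; then
        echo "$name: filename should begin with the task id, e.g. T12345.patch"
        rc=1
    fi

    # First Subject: header, with the "[PATCH]" or "[PATCH 1/2]" tag removed.
    # A non-ASCII subject is MIME-encoded by git and will be reported as a mismatch.
    subject=$(sed -n -E '/^Subject: /{s/^Subject: (\[PATCH[^]]*\] *)?//p;q;}' "$file")
    case $subject in
        "SECURITY:"*) ;;
        "") echo "$name: no Subject: header; is this git format-patch output?"
            rc=1 ;;
        *)  echo "$name: subject must start with \"SECURITY:\", got: $subject"
            rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample (not a real patch): the "[SECURITY]" prefix is rejected.
demo_dir=$(mktemp -d)
printf 'From: Dev <dev@example.org>\nSubject: [PATCH] [SECURITY] Escape title\n\n---\n' \
    > "$demo_dir/T12345.patch"
check_security_patch "$demo_dir/T12345.patch" || true
rm -rf "$demo_dir"
```
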

Upload your patch
Attach the patch to the Phabricator task. '''Do not upload the patch to Gerrit. Even "draft" patchsets can be accessed by anyone.''' Either:
 * drag and drop the patch into the comment section of the task, or
 * go to https://phabricator.wikimedia.org/file/upload/, select your patch to upload, and select 'No One' from the 'Visible To' drop-down. Link to the uploaded file on the Phabricator task.

Reviewing security patches
Since patches are not in Gerrit for review, reviewers should add comments on patches in Phabricator. Before a patch is deployed on the WMF cluster, a qualified reviewer should comment in Phabricator that they have reviewed the patch and it is ready to be deployed (equivalent of a "+2" in Gerrit).