On 5/10/2023 3:18 PM, Junio C Hamano wrote: > "Derrick Stolee via GitGitGadget" <gitgitgadget@xxxxxxxxx> writes: > >> This patch was reviewed on the Git security list, but the impact seemed >> limited to Git forges using merge-ort to create merge commits. The >> forges represented on the list have deployed versions of this patch and >> thus are no longer vulnerable. > > Let's queue directly on 'next' (unlike 'master', where we want to > merge only commits that had exposure in 'next' for a week or so, > there is no formal requirement for topics to enter 'next' before > spending any time in 'seen') and fast-track to 'master', as I've > seen it already reviewed adequately over there. Thanks for picking it up so quickly. I did not mean to imply that we should merge to master without giving the public list time to digest the patch. It is a rather simple one, though. Thanks, -Stolee
