[webkit-dev] rolling out a buggy security patch

Osztrogonác Csaba oszi at inf.u-szeged.hu
Tue Mar 12 01:15:29 PDT 2013

Hi All,

https://trac.webkit.org/changeset/145482 which is a security
fix, broke 33 JSC tests and made zillion layout test timeout
on all platform. (It seems the author forgot to run tests at
least on his own platform and watching the bots after landing.)

It made bots early exit and very long test runtime. Now bots can't
catch any new regression because of this patch. I tried to ping the
author and reviewer on #webkit, but they are unavailable.

Unfortunately rolling out isn't possible with sheriffbot. And I
don't think if I have authorization for rolling out a security fix
without review irrespectively of its goodness/buginess. Additionally
EWS bots can't test security patches without security group access.
And gardeners can't comment the original security bug report because
of the same reason.

So I filed a new bug report about this serious and blocker regression:
https://bugs.webkit.org/show_bug.cgi?id=112112 and I propose that we
should roll it out until the author can fix it offline. Could you
review this rollout patch, please?

Otherwise it would be great if EWS bots can test security patches
before committing to avoid similar problems. I noticed that a security
fix broke the build and/or many tests several times.


More information about the webkit-dev mailing list