Add llvm-project archive issues for Chromium bug tracker #132030
The Chromium bug tracker is in an archived state. The Security Response Group has preemptively created llvm-project GitHub issues with PDF copies of the Chromium issues should the repository become inaccessible.

* Replace URLs in format: https://bugs.chromium.org/p/llvm/issues/detail?id=X with their redirect https://issuetracker.google.com/issues/y
* Add URLs to llvm-project archive issues.
* Add an explanation of archive use.
Added as many from the security group as I could autocomplete from GitHub reviewers. I don't think this needs everyone to review as this isn't a policy change.
| * https://bugs.chromium.org/p/llvm/issues/detail?id=5 | ||
| * https://bugs.chromium.org/p/llvm/issues/detail?id=11 | ||
| * https://issuetracker.google.com/issues/42410043 archive: |
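Review bot: On the line `* https://issuetracker.google.com/issues/42410043 archive:`, only the archive link carries a label, and that label trails the redirect URL on the same bullet, so a reader cannot tell at a glance which URL plays which role. Consider giving every URL on an entry its own label (an explicit redirect label alongside `archive:`) and keeping one URL per line, which also makes the neighbouring `detail?id=N` entries easier to cross-check against it.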
I think it might be good to keep the original bugs.chromium.org urls, so that mapping from original chromium id remains possible. But this is only a weakly held opinion on my part...
I'll have a think about this. For the newly created bugs I chose the redirected URL as that's what people will see when they click on the link. Which makes it easier to cross check.
Happy to change back if there's a consensus, I think I'll need to update the links in the llvm-project issues too.
I've updated all the GitHub issues I've created to contain the original URLs. Current form using #131849 as an example:
This is an archival issue from the Security Group's Chromium bug-tracker which has now been archived. Capturing the contents of the Chromium issue in a PDF in case link.
https://issuetracker.google.com/u/1/issues/42410036 (Previous URL https://bugs.chromium.org/p/llvm/issues/detail?id=43) Vulnerable Version of xml2js Used in MLIR Manifest File
Published in https://llvm.org/docs/SecurityTransparencyReports.html#id3
[Vulnerable Version of xml2js Used in MLIR Manifest File [42410036] - Issue Tracker.pdf](https://github.com/user-attachments/files/19323328/Vulnerable.Version.of.xml2js.Used.in.MLIR.Manifest.File.42410036.-.Issue.Tracker.pdf)
To resolve the original vs redirect URL I've found a way to include both for each issue. This does have the advantage that it is easier to check all the URLs are correct and refer to the same issue. I've double checked all the URLs with a redirect against the details in the archive.
* year should have been name.
* reworded part about archives.

I've kept the URLs the same for now.
| @@ -1,8 +1,18 @@ | |||
| ======================================== | |||
| LLVM Security Group Transparency Reports | |||
This is probably beyond the scope of this PR, but it looks like the name of the group needs to be updated in the title.
Yes, I thought about updating it, but had enough doubts to not do it in this PR.
I've rebased my change on top of the 2024 Transparency report. I'll raise issues for the new Chromium issues on that page and update.
I've added GitHub issues for all the new Chromium issue tracker entries.
Original URL cited for consistency with previous transparency report. Redirect URL cited in case that is ever turned off. Archive URL cited in case Chromium data deleted for whatever reason.
kbeyls left a comment
Thank you for this work @smithp35!
LGTM, (I just saw one extremely tiny typo).
| label. | ||
|
|
||
| Each Chromium issue has 3 URLs, the first is the original URL recorded in | ||
| previous transparency reports. the second is the redirect URL to the archive. |
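Review bot: In the sentence starting "Each Chromium issue has 3 URLs, the first is the original URL", the comma after "URLs" splices two independent clauses, which makes the enumeration that follows harder to scan. Consider ending the first clause with a period or colon ("Each Chromium issue has 3 URLs. The first is ...") and starting each URL's description as its own sentence, so the lowercase "the second" after the full stop is fixed in the same pass.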
s/the/The/ ?
Thanks for spotting, will fix.