When a security patch will fail to apply to the next MediaWiki release we want to:
- Leave a comment on the security task for the patch that it's failing to apply
- Set the task as UBN!
- Add it as a train blocker for the next release
- The task comment should give next steps
- where to put the new security patch on the deployment server
- i.e., where should this patch should go/what commands should be run so the new patch is in the right place for next week's deployment
Background
When there is a security problem in MediaWiki requiring a security patch
- A security task is created for the issue
- A patch is uploaded to the task
- The patch is added to the /srv/patches directory on the deployment server for the relevant version(s); e.g., /srv/patches/1.41.0-wmf.1/core/01-TXXXX.patch
- Until a security release is made, that patch is copied forward by our deployment tooling
If a patch fails to apply the next version of MediaWiki (e.g., a patch for 1.41.0-wmf.1 that will have conflicts with 1.41.0-wmf.2), the current status is Release-Engineering-Team is notified. And then Release-Engineering-Team notifies people manually in phabricator to help find a fix.
This task changes who is notified and where/how they're notified to better streamline the process of finding and uploading patch fixes.