-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
doc: de-duplicate security release processes #30996
Conversation
doing the release. | ||
|
||
* [ ] Send an email to the docker official image | ||
[maintainers](https://github.com/docker-library/official-images/blob/master/MAINTAINERS) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tianon @yosifkit -- could you please subscribe to https://groups.google.com/forum/#!forum/nodejs-sec ? Having to send the announcement emails to two distribution lists seems unnecessary. Note that the list is SPAM free. The only posts to it are the pre and post release announcements, and the process currently requires docker-specific notifications both pre and post release.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Absolutely, I'm subscribed and I believe @yosifkit is as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So my extra email today was just spam :-(. Sorry! But it won't happen again if we get this landed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's not a problem, I'd much rather get over-notified than under. 👍
[maintainers](https://github.com/docker-library/official-images/blob/master/MAINTAINERS) | ||
with an FYI that security releases will be going out on the agreed date. | ||
|
||
* [ ] Open an issue in the [docker-node](https://github.com/nodejs/docker-node) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@nodejs/docker could some members please subscribe to https://groups.google.com/forum/#!forum/nodejs-sec ? It is extremely low-traffic, it consists of one email a week before sec releases to warn you that they are coming, and of the date, and another email after the release so you can know to be ready to continue the docker release process.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
might be appropriate. | ||
|
||
* [ ] Email foundation contact to tweet out nodejs-sec announcement from | ||
foundation twitter account. FIXME - who is this contact? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@nodejs/tsc who is this contact? Is this even correct anymore? I think the twitter account may be in process of becoming a direct TSC responsibility again?
33447d2
to
34c433a
Compare
The security release process is spread across multiple files. Merge these two files to remove duplication and inconsistency. Also, make the format more useful for inserting into the description of the Next Security Release issue description. This seems an obvious candidate for a github issue template, but if it was, the content would not be reviewable by anyone outside of those on the security teams, and the process should be public for purposes of transparency and review.
34c433a
to
316e152
Compare
The security release process is spread across multiple files. Merge these two files to remove duplication and inconsistency. Also, make the format more useful for inserting into the description of the Next Security Release issue description. This seems an obvious candidate for a github issue template, but if it was, the content would not be reviewable by anyone outside of those on the security teams, and the process should be public for purposes of transparency and review. PR-URL: #30996 Reviewed-By: Rich Trott <rtrott@gmail.com>
Landed in c052113 |
The security release process is spread across multiple files. Merge these two files to remove duplication and inconsistency. Also, make the format more useful for inserting into the description of the Next Security Release issue description. This seems an obvious candidate for a github issue template, but if it was, the content would not be reviewable by anyone outside of those on the security teams, and the process should be public for purposes of transparency and review. PR-URL: #30996 Reviewed-By: Rich Trott <rtrott@gmail.com>
The security release process is spread across multiple files. Merge these two files to remove duplication and inconsistency. Also, make the format more useful for inserting into the description of the Next Security Release issue description. This seems an obvious candidate for a github issue template, but if it was, the content would not be reviewable by anyone outside of those on the security teams, and the process should be public for purposes of transparency and review. PR-URL: #30996 Reviewed-By: Rich Trott <rtrott@gmail.com>
The security release process is spread across multiple files. Merge these two files to remove duplication and inconsistency. Also, make the format more useful for inserting into the description of the Next Security Release issue description. This seems an obvious candidate for a github issue template, but if it was, the content would not be reviewable by anyone outside of those on the security teams, and the process should be public for purposes of transparency and review. PR-URL: #30996 Reviewed-By: Rich Trott <rtrott@gmail.com>
The security release process is spread across multiple files. Merge
these two files to remove duplication and inconsistency. Also, make the
format more useful for inserting into the description of the Next
Security Release issue description.
This seems an obvious candidate for a github issue template, but if it
was, the content would not be reviewable by anyone outside of those on
the security teams, and the process should be public for purposes of
transparency and review.
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes