doc: de-duplicate security release processes #30996
Conversation
| doing the release. | ||
|
|
||
| * [ ] Send an email to the docker official image | ||
| [maintainers](https://github.com/docker-library/official-images/blob/master/MAINTAINERS) |
There was a problem hiding this comment.
@tianon @yosifkit -- could you please subscribe to https://groups.google.com/forum/#!forum/nodejs-sec ? Having to send the announcement emails to two distribution lists seems unnecessary. Note that the list is SPAM free. The only posts to it are the pre and post release announcements, and the process currently requires docker-specific notifications both pre and post release.
There was a problem hiding this comment.
Absolutely, I'm subscribed and I believe @yosifkit is as well.
There was a problem hiding this comment.
So my extra email today was just spam :-(. Sorry! But it won't happen again if we get this landed.
There was a problem hiding this comment.
It's not a problem, I'd much rather get over-notified than under. 👍
| [maintainers](https://github.com/docker-library/official-images/blob/master/MAINTAINERS) | ||
| with an FYI that security releases will be going out on the agreed date. | ||
|
|
||
| * [ ] Open an issue in the [docker-node](https://github.com/nodejs/docker-node) |
There was a problem hiding this comment.
@nodejs/docker could some members please subscribe to https://groups.google.com/forum/#!forum/nodejs-sec ? It is extremely low-traffic, it consists of one email a week before sec releases to warn you that they are coming, and of the date, and another email after the release so you can know to be ready to continue the docker release process.
| might be appropriate. | ||
|
|
||
| * [ ] Email foundation contact to tweet out nodejs-sec announcement from | ||
| foundation twitter account. FIXME - who is this contact? |
There was a problem hiding this comment.
@nodejs/tsc who is this contact? Is this even correct anymore? I think the twitter account may be in process of becoming a direct TSC responsibility again?
sam-github
force-pushed
the
integrate-sec-processes
branch
from
33447d2
to
34c433a
Compare
The security release process is spread across multiple files. Merge these two files to remove duplication and inconsistency. Also, make the format more useful for inserting into the description of the Next Security Release issue description. This seems an obvious candidate for a github issue template, but if it was, the content would not be reviewable by anyone outside of those on the security teams, and the process should be public for purposes of transparency and review.
sam-github
force-pushed
the
integrate-sec-processes
branch
from
34c433a
to
316e152
Compare
The security release process is spread across multiple files. Merge these two files to remove duplication and inconsistency. Also, make the format more useful for inserting into the description of the Next Security Release issue description. This seems an obvious candidate for a github issue template, but if it was, the content would not be reviewable by anyone outside of those on the security teams, and the process should be public for purposes of transparency and review. PR-URL: #30996 Reviewed-By: Rich Trott <rtrott@gmail.com>
|
Landed in c052113 |
The security release process is spread across multiple files. Merge these two files to remove duplication and inconsistency. Also, make the format more useful for inserting into the description of the Next Security Release issue description. This seems an obvious candidate for a github issue template, but if it was, the content would not be reviewable by anyone outside of those on the security teams, and the process should be public for purposes of transparency and review. PR-URL: #30996 Reviewed-By: Rich Trott <rtrott@gmail.com>
The security release process is spread across multiple files. Merge these two files to remove duplication and inconsistency. Also, make the format more useful for inserting into the description of the Next Security Release issue description. This seems an obvious candidate for a github issue template, but if it was, the content would not be reviewable by anyone outside of those on the security teams, and the process should be public for purposes of transparency and review. PR-URL: #30996 Reviewed-By: Rich Trott <rtrott@gmail.com>
The security release process is spread across multiple files. Merge these two files to remove duplication and inconsistency. Also, make the format more useful for inserting into the description of the Next Security Release issue description. This seems an obvious candidate for a github issue template, but if it was, the content would not be reviewable by anyone outside of those on the security teams, and the process should be public for purposes of transparency and review. PR-URL: #30996 Reviewed-By: Rich Trott <rtrott@gmail.com>
The security release process is spread across multiple files. Merge
these two files to remove duplication and inconsistency. Also, make the
format more useful for inserting into the description of the Next
Security Release issue description.
This seems an obvious candidate for a github issue template, but if it
was, the content would not be reviewable by anyone outside of those on
the security teams, and the process should be public for purposes of
transparency and review.
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passes