Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

doc: de-duplicate security release processes #30996

Closed
wants to merge 1 commit into from

Conversation

sam-github
Copy link
Contributor

@sam-github sam-github commented Dec 16, 2019

The security release process is spread across multiple files. Merge
these two files to remove duplication and inconsistency. Also, make the
format more useful for inserting into the description of the Next
Security Release issue description.

This seems an obvious candidate for a github issue template, but if it
was, the content would not be reviewable by anyone outside of those on
the security teams, and the process should be public for purposes of
transparency and review.

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines

@nodejs-github-bot nodejs-github-bot added the doc Issues and PRs related to the documentations. label Dec 16, 2019
doing the release.

* [ ] Send an email to the docker official image
[maintainers](https://github.com/docker-library/official-images/blob/master/MAINTAINERS)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tianon @yosifkit -- could you please subscribe to https://groups.google.com/forum/#!forum/nodejs-sec ? Having to send the announcement emails to two distribution lists seems unnecessary. Note that the list is SPAM free. The only posts to it are the pre and post release announcements, and the process currently requires docker-specific notifications both pre and post release.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Absolutely, I'm subscribed and I believe @yosifkit is as well.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So my extra email today was just spam :-(. Sorry! But it won't happen again if we get this landed.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not a problem, I'd much rather get over-notified than under. 👍

[maintainers](https://github.com/docker-library/official-images/blob/master/MAINTAINERS)
with an FYI that security releases will be going out on the agreed date.

* [ ] Open an issue in the [docker-node](https://github.com/nodejs/docker-node)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nodejs/docker could some members please subscribe to https://groups.google.com/forum/#!forum/nodejs-sec ? It is extremely low-traffic, it consists of one email a week before sec releases to warn you that they are coming, and of the date, and another email after the release so you can know to be ready to continue the docker release process.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

might be appropriate.

* [ ] Email foundation contact to tweet out nodejs-sec announcement from
foundation twitter account. FIXME - who is this contact?
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nodejs/tsc who is this contact? Is this even correct anymore? I think the twitter account may be in process of becoming a direct TSC responsibility again?

The security release process is spread across multiple files. Merge
these two files to remove duplication and inconsistency. Also, make the
format more useful for inserting into the description of the Next
Security Release issue description.

This seems an obvious candidate for a github issue template, but if it
was, the content would not be reviewable by anyone outside of those on
the security teams, and the process should be public for purposes of
transparency and review.
sam-github added a commit that referenced this pull request Dec 31, 2019
The security release process is spread across multiple files. Merge
these two files to remove duplication and inconsistency. Also, make the
format more useful for inserting into the description of the Next
Security Release issue description.

This seems an obvious candidate for a github issue template, but if it
was, the content would not be reviewable by anyone outside of those on
the security teams, and the process should be public for purposes of
transparency and review.

PR-URL: #30996
Reviewed-By: Rich Trott <[email protected]>
@sam-github
Copy link
Contributor Author

Landed in c052113

@sam-github sam-github closed this Dec 31, 2019
BridgeAR pushed a commit that referenced this pull request Jan 3, 2020
The security release process is spread across multiple files. Merge
these two files to remove duplication and inconsistency. Also, make the
format more useful for inserting into the description of the Next
Security Release issue description.

This seems an obvious candidate for a github issue template, but if it
was, the content would not be reviewable by anyone outside of those on
the security teams, and the process should be public for purposes of
transparency and review.

PR-URL: #30996
Reviewed-By: Rich Trott <[email protected]>
@BridgeAR BridgeAR mentioned this pull request Jan 7, 2020
targos pushed a commit that referenced this pull request Jan 14, 2020
The security release process is spread across multiple files. Merge
these two files to remove duplication and inconsistency. Also, make the
format more useful for inserting into the description of the Next
Security Release issue description.

This seems an obvious candidate for a github issue template, but if it
was, the content would not be reviewable by anyone outside of those on
the security teams, and the process should be public for purposes of
transparency and review.

PR-URL: #30996
Reviewed-By: Rich Trott <[email protected]>
BethGriggs pushed a commit that referenced this pull request Feb 6, 2020
The security release process is spread across multiple files. Merge
these two files to remove duplication and inconsistency. Also, make the
format more useful for inserting into the description of the Next
Security Release issue description.

This seems an obvious candidate for a github issue template, but if it
was, the content would not be reviewable by anyone outside of those on
the security teams, and the process should be public for purposes of
transparency and review.

PR-URL: #30996
Reviewed-By: Rich Trott <[email protected]>
@MylesBorins MylesBorins mentioned this pull request Feb 8, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
doc Issues and PRs related to the documentations.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants