Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

doc: add request to hold off publicising sec releases #46702

Closed
wants to merge 1 commit into from

Conversation

mhdawson
Copy link
Member

  • We've often seen tweets go out early before announcement and other parts of the security release complete
  • Make an explicit ask that collorators avoid doing this by gating on the tweet from the Node.js account
  • Releasers would still be free to tweet earlier as they know when the process is complete.

@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/tsc

@mhdawson mhdawson added the tsc-agenda Issues and PRs to discuss during the meetings of the TSC. label Feb 17, 2023
@nodejs-github-bot nodejs-github-bot added the doc Issues and PRs related to the documentations. label Feb 17, 2023
doc/contributing/security-release-process.md Outdated Show resolved Hide resolved
Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@richardlau
Copy link
Member

There's a typo in the commit message ("collorators").

Also I'm +1 for the ask but I'm not sure any collaborator reads this doc unless they are involved with a security release. I don't really have a suggestion though for where a better place to put this would be.

- We've often seen tweets go out early before announcement
  and other parts of the security release complete
- Make an explicit ask that collaborators avoid doing this
  by gating on the tweet from the Node.js account
- Releasers would still be free to tweet earlier as they know
  when the process is complete.

Signed-off-by: Michael Dawson <[email protected]>
@mhdawson
Copy link
Member Author

@richardlau once we have this documented I'm going to publicise to try to make sure collaborators are aware and in cases where they are not we can point them to this doc so that we improve over time.

@mhdawson
Copy link
Member Author

Fixed the typo in the commit comment.

mhdawson added a commit that referenced this pull request Mar 1, 2023
- We've often seen tweets go out early before announcement
  and other parts of the security release complete
- Make an explicit ask that collaborators avoid doing this
  by gating on the tweet from the Node.js account
- Releasers would still be free to tweet earlier as they know
  when the process is complete.

Signed-off-by: Michael Dawson <[email protected]>

PR-URL: #46702
Reviewed-By: Ruben Bridgewater <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Robert Nagy <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Rafael Gonzaga <[email protected]>
Reviewed-By: Akhil Marsonya <[email protected]>
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: Chengzhong Wu <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Trivikram Kamat <[email protected]>
Reviewed-By: Darshan Sen <[email protected]>
@mhdawson
Copy link
Member Author

mhdawson commented Mar 1, 2023

Landed in 7cb09f4

@mhdawson mhdawson closed this Mar 1, 2023
targos pushed a commit that referenced this pull request Mar 13, 2023
- We've often seen tweets go out early before announcement
  and other parts of the security release complete
- Make an explicit ask that collaborators avoid doing this
  by gating on the tweet from the Node.js account
- Releasers would still be free to tweet earlier as they know
  when the process is complete.

Signed-off-by: Michael Dawson <[email protected]>

PR-URL: #46702
Reviewed-By: Ruben Bridgewater <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Robert Nagy <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Rafael Gonzaga <[email protected]>
Reviewed-By: Akhil Marsonya <[email protected]>
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: Chengzhong Wu <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Trivikram Kamat <[email protected]>
Reviewed-By: Darshan Sen <[email protected]>
targos pushed a commit that referenced this pull request Mar 14, 2023
- We've often seen tweets go out early before announcement
  and other parts of the security release complete
- Make an explicit ask that collaborators avoid doing this
  by gating on the tweet from the Node.js account
- Releasers would still be free to tweet earlier as they know
  when the process is complete.

Signed-off-by: Michael Dawson <[email protected]>

PR-URL: #46702
Reviewed-By: Ruben Bridgewater <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Robert Nagy <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Rafael Gonzaga <[email protected]>
Reviewed-By: Akhil Marsonya <[email protected]>
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: Chengzhong Wu <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Trivikram Kamat <[email protected]>
Reviewed-By: Darshan Sen <[email protected]>
danielleadams pushed a commit that referenced this pull request Apr 11, 2023
- We've often seen tweets go out early before announcement
  and other parts of the security release complete
- Make an explicit ask that collaborators avoid doing this
  by gating on the tweet from the Node.js account
- Releasers would still be free to tweet earlier as they know
  when the process is complete.

Signed-off-by: Michael Dawson <[email protected]>

PR-URL: #46702
Reviewed-By: Ruben Bridgewater <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Robert Nagy <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Rafael Gonzaga <[email protected]>
Reviewed-By: Akhil Marsonya <[email protected]>
Reviewed-By: Gireesh Punathil <[email protected]>
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: Chengzhong Wu <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Trivikram Kamat <[email protected]>
Reviewed-By: Darshan Sen <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
doc Issues and PRs related to the documentations. tsc-agenda Issues and PRs to discuss during the meetings of the TSC.
Projects
None yet
Development

Successfully merging this pull request may close these issues.