Security release procedures

From: Julian Foad <julianfoad_at_apache.org>
Date: Wed, 31 Jul 2019 21:36:09 +0100

I handled two security fixes in the recent set of patch releases. It was
the first time I had done it and the procedures were rather less than
push-of-a-button simple to follow.

1. We should move as much as possible of the scripts and documentation
that exists in a private repo, into a public place.

2. We should discuss and review such procedures in public (here).

The Subversion PMC discussed and agreed the above on its private mailing
list, recently. IIRC, all 'full committers' as listed in the
'COMMITTERS' file are PMC members and so have access to that discussion
and the 'security' repo if they want to help deal with this.

I'll follow up with some specific issues some time later. This email is
just to get the ball rolling so that anybody willing to do anything in
this direction can see they have a green light to do so.

- Julian
Received on 2019-07-31 22:36:11 CEST

This message: [ Message body ]
Next message: Daniel Shahaf: "Re: Wrong backports listing on website"
Previous message: Julian Foad: "Re: Wrong backports listing on website"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]