[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Sign advisories?

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Tue, 25 Oct 2016 17:30:12 +0000

When we do a security release, we upload a *.txt advisory to
https://subversion.apache.org/security/ and link it from the
announcement. That advisory isn't currently signed. Could we sign
them?

That'd be useful, since they contain patches. They are already signed
in the "embargoed pre-notification" emails, IIRC; just not when they're
uploaded to the site.

Cheers,

Daniel

P.S. I couldn't find where the "Security release checklist" that the RM
follows for security releases is. Any pointers?
Received on 2016-10-25 19:34:22 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.