Sign advisories?

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Tue, 25 Oct 2016 17:30:12 +0000

When we do a security release, we upload a *.txt advisory to
https://subversion.apache.org/security/ and link it from the
announcement. That advisory isn't currently signed. Could we sign
them?

That'd be useful, since they contain patches. They are already signed
in the "embargoed pre-notification" emails, IIRC; just not when they're
uploaded to the site.

Cheers,

Daniel

P.S. I couldn't find where the "Security release checklist" that the RM
follows for security releases is. Any pointers?
Received on 2016-10-25 19:34:22 CEST

This message: [ Message body ]
Next message: Branko Čibej: "Re: Sign advisories?"
Previous message: Johan Corveleyn: "Re: Migrating our wiki"
Next in thread: Branko Čibej: "Re: Sign advisories?"
Reply: Branko Čibej: "Re: Sign advisories?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]