summaryrefslogtreecommitdiff
path: root/doc/release
diff options
context:
space:
mode:
authorJacob Vosmaer <contact@jacobvosmaer.nl>2014-11-24 12:14:19 +0100
committerJacob Vosmaer <contact@jacobvosmaer.nl>2014-11-24 12:14:19 +0100
commit4e3bf439cba782bf7d3ea326f0f6f5878166f0e2 (patch)
tree6cd937ddddf73d5d640d6a16982523c8ee9aa4b3 /doc/release
parente0c870c0451789318e46ff5cb2b44a8d7d555f4c (diff)
downloadgitlab-ce-4e3bf439cba782bf7d3ea326f0f6f5878166f0e2.tar.gz
Establish ownership of security releases
Diffstat (limited to 'doc/release')
-rw-r--r--doc/release/patch.md1
-rw-r--r--doc/release/security.md2
2 files changed, 3 insertions, 0 deletions
diff --git a/doc/release/patch.md b/doc/release/patch.md
index 6ed56427e9a..ce5c2170302 100644
--- a/doc/release/patch.md
+++ b/doc/release/patch.md
@@ -17,6 +17,7 @@ Otherwise include it in the monthly release and note there was a regression fix
1. Create an issue on private GitLab development server
1. Name the issue "Release X.X.X CE and X.X.X EE", this will make searching easier
1. Fix the issue on a feature branch, do this on the private GitLab development server
+1. If it is a security issue, then assign it to the release manager and apply a 'security' label
1. Consider creating and testing workarounds
1. After the branch is merged into master, cherry pick the commit(s) into the current stable branch
1. Make sure that the build has passed and all tests are passing
diff --git a/doc/release/security.md b/doc/release/security.md
index 79d23c02ea4..a7fb57921df 100644
--- a/doc/release/security.md
+++ b/doc/release/security.md
@@ -14,7 +14,9 @@ Please report suspected security vulnerabilities in private to <support@gitlab.c
1. Verify that the issue can be reproduced
1. Acknowledge the issue to the researcher that disclosed it
+1. Inform the release manager that there needs to be a security release
1. Do the steps from [patch release document](doc/release/patch.md), starting with "Create an issue on private GitLab development server"
+1. The MR with the security fix should get a 'security' label and be assigned to the release manager
1. Create feature branches for the blog post on GitLab.com and link them from the code branch
1. Merge and publish the blog posts
1. Send tweets about the release from `@gitlabhq`