Posted to cvs@httpd.apache.org by mj...@apache.org on 2018/06/25 09:41:43 UTC

svn commit: r1834288 - /httpd/site/trunk/content/dev/release.mdtext

Author: mjc
Date: Mon Jun 25 09:41:42 2018
New Revision: 1834288

URL: http://svn.apache.org/viewvc?rev=1834288&view=rev
Log:
Add details of the extra step needed for security releases, updating vulnerabilities-httpd.xml.  This
got missed in the past and Eric reminded me to add some details about this here.

Modified:
    httpd/site/trunk/content/dev/release.mdtext

Modified: httpd/site/trunk/content/dev/release.mdtext
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/dev/release.mdtext?rev=1834288&r1=1834287&r2=1834288&view=diff
==============================================================================
--- httpd/site/trunk/content/dev/release.mdtext (original)
+++ httpd/site/trunk/content/dev/release.mdtext Mon Jun 25 09:41:42 2018
@@ -328,9 +328,18 @@ also has the RM's name and key ID for ve
 are published by CMS. More information can be found
 [here](https://svn.apache.org/repos/asf/httpd/site/trunk/README).
 
-Immediately after the announcement, if the release contained any CVE fixes,
-some additional work is required to perform notifications. See the final stages of 
-https://www.apache.org/security/committers.html for details.
+# What extra steps for releases containing security fixes?
+
+If a release contains a fix for any security issues then you need to ensure that the
+extra steps [here](https://www.apache.org/security/committers.html) are followed.
+
+Additionally you need to update the ( `httpd/site/trunk/content/security/vulnerabilities-httpd.xml` ) file
+with details of all the security fixes.  Once committed this will automatically generate the relevant
+security pages.  This information can also be used to help generate the annoucement emails.  Make sure
+to use CMS to publish these page updates.
+
+You may wish to stage the xml file in the private SECURITY repo prior to the release to allow
+issues to be spotted.
 
 # Should the announcement wait for binaries? #
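Review bot: The new "Additionally you need to update" paragraph does not say when the public commit of `vulnerabilities-httpd.xml` should happen, while the removed lines tied the extra work to "Immediately after the announcement". Since the text says a commit "will automatically generate the relevant security pages", it should state that the commit to `httpd/site/trunk` happens only at or after the announcement, and that any earlier draft belongs in the private SECURITY repo. The staging sentence currently reads as optional ("You may wish to") and leaves that ordering implicit. Smaller points in the same hunk: "annoucement" should be "announcement"; the new heading lacks the trailing ` #` used by the following heading "# Should the announcement wait for binaries? #"; the link text "here" could name the target (the ASF committers security process); and the spaces inside the parentheses around the file path can go.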