You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by bu...@apache.org on 2018/06/25 09:41:49 UTC

svn commit: r1031708 - in /websites/staging/httpd/trunk/content: ./ dev/release.html

Author: buildbot
Date: Mon Jun 25 09:41:49 2018
New Revision: 1031708

Log:
Staging update by buildbot for httpd

Modified:
    websites/staging/httpd/trunk/content/   (props changed)
    websites/staging/httpd/trunk/content/dev/release.html

Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Mon Jun 25 09:41:49 2018
@@ -1 +1 @@
-1832137
+1834288

Modified: websites/staging/httpd/trunk/content/dev/release.html
==============================================================================
--- websites/staging/httpd/trunk/content/dev/release.html (original)
+++ websites/staging/httpd/trunk/content/dev/release.html Mon Jun 25 09:41:49 2018
@@ -405,9 +405,15 @@ and download pages ( <code>httpd/site/tr
 also has the RM's name and key ID for verification. These changes
 are published by CMS. More information can be found
 <a href="https://svn.apache.org/repos/asf/httpd/site/trunk/README">here</a>.</p>
-<p>Immediately after the announcement, if the release contained any CVE fixes,
-some additional work is required to perform notifications. See the final stages of 
-https://www.apache.org/security/committers.html for details.</p>
+<h1 id="what-extra-steps-for-releases-containing-security-fixes">What extra steps for releases containing security fixes?<a class="headerlink" href="#what-extra-steps-for-releases-containing-security-fixes" title="Permanent link">&para;</a></h1>
+<p>If a release contains a fix for any security issues then you need to ensure that the
+extra steps <a href="https://www.apache.org/security/committers.html">here</a> are followed.</p>
+<p>Additionally you need to update the ( <code>httpd/site/trunk/content/security/vulnerabilities-httpd.xml</code> ) file
+with details of all the security fixes.  Once committed this will automatically generate the relevant
+security pages.  This information can also be used to help generate the annoucement emails.  Make sure
+to use CMS to publish these page updates.</p>
+<p>You may wish to stage the xml file in the private SECURITY repo prior to the release to allow
+issues to be spotted.</p>
 <h1 id="should-the-announcement-wait-for-binaries">Should the announcement wait for binaries?<a class="headerlink" href="#should-the-announcement-wait-for-binaries" title="Permanent link">&para;</a></h1>
 <p>In short, no. The only files that are required for a public release are the
 source tarballs (.tar.Z,.tar.gz). Volunteers can provide the Win32 source