You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ic...@apache.org on 2021/10/05 09:07:17 UTC
svn commit: r1893910 - /httpd/dev-tools/release/README
Author: icing
Date: Tue Oct 5 09:07:16 2021
New Revision: 1893910
URL: http://svn.apache.org/viewvc?rev=1893910&view=rev
Log:
* updated description on how to handle CVEs after
discussion with Mark.
Modified:
httpd/dev-tools/release/README
Modified: httpd/dev-tools/release/README
URL: http://svn.apache.org/viewvc/httpd/dev-tools/release/README?rev=1893910&r1=1893909&r2=1893910&view=diff
==============================================================================
--- httpd/dev-tools/release/README (original)
+++ httpd/dev-tools/release/README Tue Oct 5 09:07:16 2021
@@ -32,8 +32,15 @@ Usage overview:
# commit all locally staged changes to repositories and website
> $DEV_TOOLS/release/r6-announce.sh
# announce it to the world by mail (well, tell you how to do it)
- # Set release CVEs to READY on the cveprocess site
# Check that the website works. Check the download page, the vulnerabilities page.
+ # Process the CVEs that have been part of the release:
+ - set CVEs to READY on the cveprocess site
+ - Use the 'OSS/ASF Emails' tab for the emails you should send to oss-security
+ and to Apache lists.
+ - Fill in a 'reference' type 'CONFIRM' with the URL to your public post about
+ this issue. ASF Security will be notified and will submit to the CVE
+ project and then set state to 'PUBLIC'.
+
On vote failure or when aborting for other reasons:
> $DEV_TOOLS/release/reset-candidate.sh version