You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by ic...@apache.org on 2021/10/05 09:07:17 UTC

svn commit: r1893910 - /httpd/dev-tools/release/README

Author: icing
Date: Tue Oct  5 09:07:16 2021
New Revision: 1893910

URL: http://svn.apache.org/viewvc?rev=1893910&view=rev
Log:
 * updated description on how to handle CVEs after
   discussion with Mark.


Modified:
    httpd/dev-tools/release/README

Modified: httpd/dev-tools/release/README
URL: http://svn.apache.org/viewvc/httpd/dev-tools/release/README?rev=1893910&r1=1893909&r2=1893910&view=diff
==============================================================================
--- httpd/dev-tools/release/README (original)
+++ httpd/dev-tools/release/README Tue Oct  5 09:07:16 2021
@@ -32,8 +32,15 @@ Usage overview:
      # commit all locally staged changes to repositories and website
    > $DEV_TOOLS/release/r6-announce.sh
      # announce it to the world by mail (well, tell you how to do it)
-     # Set release CVEs to READY on the cveprocess site
    # Check that the website works. Check the download page, the vulnerabilities page.
+   # Process the CVEs that have been part of the release:
+     - set CVEs to READY on the cveprocess site
+     - Use the 'OSS/ASF Emails' tab for the emails you should send to oss-security
+       and to Apache lists.
+     - Fill in a 'reference' type 'CONFIRM' with the URL to your public post about
+       this issue. ASF Security will be notified and will submit to the CVE
+       project and then set state to 'PUBLIC'.
+
 
  On vote failure or when aborting for other reasons:
    > $DEV_TOOLS/release/reset-candidate.sh version