* [gentoo-commits] gentoo commit in xml/htdocs/security/en: vulnerability-policy.xml coordinator_guide.xml
@ 2008-02-13 12:28 Matthias Geerdsen (vorlon)
From: Matthias Geerdsen (vorlon) @ 2008-02-13 12:28 UTC
To: gentoo-commits
vorlon 08/02/13 12:28:54
Modified: vulnerability-policy.xml coordinator_guide.xml
Log:
adding releng sections
Revision Changes Path
1.19 xml/htdocs/security/en/vulnerability-policy.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/vulnerability-policy.xml?rev=1.19&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/vulnerability-policy.xml?rev=1.19&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/vulnerability-policy.xml?r1=1.18&r2=1.19
Index: vulnerability-policy.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/vulnerability-policy.xml,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- vulnerability-policy.xml 1 May 2007 18:45:54 -0000 1.18
+++ vulnerability-policy.xml 13 Feb 2008 12:28:53 -0000 1.19
@@ -5,6 +5,12 @@
<author title="Author">
<mail link="koon@gentoo.org">Thierry Carrez</mail>
</author>
+<author title="Author">
+ <mail link="jaervosz@gentoo.org">Sune Kloppenborg Jeppesen</mail>
+</author>
+<author title="Author">
+ <mail link="vorlon@gentoo.org">Matthias Geerdsen</mail>
+</author>
<abstract>
This document describes the policy used in Gentoo Linux to treat
@@ -16,8 +22,8 @@
<!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
<license/>
-<version>1.2.5</version>
-<date>March 4, 2007</date>
+<version>1.2.6</version>
+<date>2008-02-13</date>
<chapter>
<title>Scope</title>
@@ -97,6 +103,22 @@
</body>
</section>
<section>
+<title>Release Engineering</title>
+<body>
+<p>
+The Release Engineering ("releng") project appoints a developer to be the
+primary point of contact for security issues.
+</p>
+<p>
+Release Engineering informs the Gentoo Security Project when a first tree
+snapshot is taken for media releases. Beginning with the first snapshot until
+the official media release ("release preparation period"), Release Engineering
+(the appointed security liaison in case of confidential issues) should be cc'd
+on each security bug entering the stabilization phase.
+</p>
+</body>
+</section>
+<section>
<title>Kernels</title>
<body>
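Review bot: In the second added paragraph, the parenthetical "(the appointed security liaison in case of confidential issues)" reads as an apposition to Release Engineering rather than as the alternative to use for confidential bugs. Suggest spelling it out, e.g. "Release Engineering, or only the appointed security liaison when the issue is confidential, should be cc'd". The section also says how the release preparation period starts but not where the appointed contact is recorded or how Security learns that the period has ended; one sentence on each would make the rule actionable.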
@@ -426,7 +448,8 @@
<li>once an ebuild is committed, evaluate what keywords are needed for the fix
ebuild and get arch-specific teams to test and mark
the ebuild stable on their architectures (arch-teams should be cc'd on
- the bug) and set status whiteboard to <c>stable</c></li>
+ the bug, as well as releng during release preparation) and set status
+ whiteboard to <c>stable</c></li>
<li>arch-maintainers should mark the ebuild stable if there is no regression
in the fix ebuild compared to the latest vulnerable version</li>
<li>in parallel, writing a draft GLSA using the GLSAMaker tool</li>
1.19 xml/htdocs/security/en/coordinator_guide.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/coordinator_guide.xml?rev=1.19&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/coordinator_guide.xml?rev=1.19&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/coordinator_guide.xml?r1=1.18&r2=1.19
Index: coordinator_guide.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/coordinator_guide.xml,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- coordinator_guide.xml 6 Jul 2007 13:32:23 -0000 1.18
+++ coordinator_guide.xml 13 Feb 2008 12:28:53 -0000 1.19
@@ -8,6 +8,9 @@
<author title="Author">
<mail link="jaervosz@gentoo.org">Sune Kloppenborg Jeppesen</mail>
</author>
+<author title="Author">
+ <mail link="vorlon@gentoo.org">Matthias Geerdsen</mail>
+</author>
<abstract>
This document contains procedures, tips and tricks applying to the
@@ -18,8 +21,8 @@
<!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
<license/>
-<version>0.8.4</version>
-<date>January 24, 2007</date>
+<version>0.8.5</version>
+<date>2008-02-13</date>
<chapter>
<title>Prerequisites</title>
@@ -197,9 +200,9 @@
Sometimes a bug is communicated to us under the promise we'll keep it secret
until a public release. Restricted bugs have the "Gentoo Security" checkbox
checked and therefore can only be accessed by Gentoo Security Team members.
-External people (package maintainer, arch testers) may be added on a per-name
-basis, aliases should never be used (because they are too wide and won't allow
-bug comments).
+External people (package maintainer, arch testers, Release Engineering) may be
+added on a per-name basis, aliases should never be used (because they are too
+wide and won't allow bug comments).
</p>
<p>
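Review bot: Adding "Release Engineering" to the list in "may be added on a per-name basis" names a project where the sentence asks for individuals, and the same sentence forbids aliases. The vulnerability-policy.xml change in this commit already has a term for the person meant, so "the Release Engineering security liaison" would be clearer here and avoids the line being read as permission to add the team address to a restricted bug.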
@@ -501,6 +504,11 @@
</p>
<p>
+During a release preparation period you should also Cc: Release Engineering
+(release@gentoo.org) on all bugs with [stable] status.
+</p>
+
+<p>
If the arch teams take too much time testing and changing the KEYWORDS, or
they refuse to mark stable a package due to outstanding problems, the bug
enters [stable+] status. We must track down arch-maintainers to have them
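Review bot: "on all bugs with [stable] status" in the added paragraph also covers restricted bugs, and Cc'ing a team address such as release@gentoo.org there conflicts with the rule in the earlier hunk of this file that aliases should never be used on restricted bugs. Suggest limiting the address to public bugs and, for confidential ones, pointing to the appointed releng security liaison added by name, as vulnerability-policy.xml does in this same commit.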
--
gentoo-commits@lists.gentoo.org mailing list