moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

docs/SECURITY-PROCESS: now we name the files after the CVE id

This commit is contained in:
Daniel Stenberg 2018-08-20 11:49:58 +02:00
parent 4c20b20482
commit a040ff88e4
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 2 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/SECURITY-PROCESS.md
View File

@ -109,17 +109,12 @@ Publishing Security Advisories
1. Write up the security advisory, using markdown syntax. Use the same
subtitles as last time to maintain consistency.
2. Name the advisory file (and ultimately the URL to be used when the flaw
gets published), using a randomized component so that third parties that
are involved in the process for each individual flaw will not be given
insights about possible *other* flaws worked on in parallel.
`adv_YEAR_RANDOM.md` has been used before.
2. Name the advisory file after the allocated CVE id.
3. Add a line on the top of the array in `curl-www/docs/vuln.pm'.
4. Put the new advisory markdown file in the curl-www/docs/ directory. Add it
to the git repo. Update the Makefile in the same directory to build the
HTML representation.
to the git repo.
5. Run `make` in your local web checkout and verify that things look fine.