mirror of https://github.com/moparisthebest/curl synced 2024-12-23 16:48:49 -05:00

docs/SECURITY-PROCESS: now we name the files after the CVE id

Daniel Stenberg 2018-08-20 11:49:58 +02:00
parent 4c20b20482
commit a040ff88e4
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2


@ -109,17 +109,12 @@ Publishing Security Advisories
1. Write up the security advisory, using markdown syntax. Use the same 1. Write up the security advisory, using markdown syntax. Use the same
subtitles as last time to maintain consistency. subtitles as last time to maintain consistency.
2. Name the advisory file (and ultimately the URL to be used when the flaw 2. Name the advisory file after the allocated CVE id.
gets published), using a randomized component so that third parties that
are involved in the process for each individual flaw will not be given
insights about possible *other* flaws worked on in parallel.
`adv_YEAR_RANDOM.md` has been used before.
3. Add a line on the top of the array in `curl-www/docs/vuln.pm'. 3. Add a line on the top of the array in `curl-www/docs/vuln.pm'.
4. Put the new advisory markdown file in the curl-www/docs/ directory. Add it 4. Put the new advisory markdown file in the curl-www/docs/ directory. Add it
to the git repo. Update the Makefile in the same directory to build the to the git repo.
HTML representation.
5. Run `make` in your local web checkout and verify that things look fine. 5. Run `make` in your local web checkout and verify that things look fine.
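
Review bot: The new step 2 no longer shows what the file name should look like, where the removed text gave `adv_YEAR_RANDOM.md` as the pattern; spell out the exact form derived from the CVE id (case and the `.md` extension) so advisories are named consistently. The removed lines also stated why a randomized component was used (third parties involved in one flaw should not learn about other flaws worked on in parallel), and neither the new step nor the commit message says why that concern no longer applies once files are named after the CVE id; one sentence on that would help. In step 4 the instruction to update the Makefile is dropped while step 5 still depends on `make`, so it is worth stating that the build picks up a new advisory file without a Makefile change, if that is the case. Separately, the unchanged step 3 opens the path with a backtick and closes it with an apostrophe (`curl-www/docs/vuln.pm'), which could be fixed while this section is being touched.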