Mirror of https://github.com/moparisthebest/curl (synced 2024-11-11 20:15:03 -05:00)
SECURITY: minor updates
- we allow the security push up to 48 hours before the release
- add a mention about possible pre-notifications
- lower case the 'curl-security' title
parent 50ef91b59a
commit a65db0bbcb
@ -75,9 +75,11 @@ announcement.
|
|||||||
to the 'distros' mailing list to allow them to use the fix prior to the
|
to the 'distros' mailing list to allow them to use the fix prior to the
|
||||||
public announcement.
|
public announcement.
|
||||||
|
|
||||||
- At the day of the next release, the private branch is merged into the master
|
- No more than 48 hours before the release, the private branch is merged into
|
||||||
branch and pushed. Once pushed, the information is accessible to the public
|
the master branch and pushed. Once pushed, the information is accessible to
|
||||||
and the actual release should follow suit immediately afterwards.
|
the public and the actual release should follow suit immediately afterwards.
|
||||||
|
The time between the push and the release is used for final tests and
|
||||||
|
reviews.
|
||||||
|
|
||||||
- The project team creates a release that includes the fix.
|
- The project team creates a release that includes the fix.
|
||||||
|
|
||||||
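Review bot: the reworded bullet now says the merge happens "No more than 48 hours before the release" but still ends with "the actual release should follow suit immediately afterwards", so the two halves of the same item disagree about how long the fix may sit in public before the release. Suggest replacing "immediately afterwards" with wording that matches the new window, for example that the release follows within those 48 hours, and stating in the added sentence about "final tests and reviews" that the fix is publicly visible during that time, since the text already notes that "Once pushed, the information is accessible to the public".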
@ -88,9 +90,19 @@ announcement.
|
|||||||
- The security web page on the web site should get the new vulnerability
|
- The security web page on the web site should get the new vulnerability
|
||||||
mentioned.
|
mentioned.
|
||||||
|
|
||||||
|
Pre-notification
|
||||||
|
----------------
|
||||||
|
|
||||||
|
If you think you are or should be eligible for a pre-notifcation about
|
||||||
|
upcoming security announcements for curl, we urge OS distros and similar
|
||||||
|
vendors to primarily join the distros@openwall list as that is one of the
|
||||||
|
purposes of that list - and not just for curl of course.
|
||||||
|
|
||||||
CURL-SECURITY (at haxx dot se)
|
If you are not a distro or otherwise not suitable for distros@openwall and yet
|
||||||
|
want pre-notifications from us, contact the curl security team with a detailed
|
||||||
|
and clear explanation why this is the case.
|
||||||
|
|
||||||
|
curl-security (at haxx dot se)
|
||||||
------------------------------
|
------------------------------
|
||||||
|
|
||||||
Who is on this list? There are a couple of criteria you must meet, and then we
|
Who is on this list? There are a couple of criteria you must meet, and then we
|
||||||
|
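Review bot: the new "Pre-notification" paragraph has a typo, "pre-notifcation", and its first sentence changes subject midway ("If you think you are or should be eligible ... we urge OS distros and similar vendors to primarily join"), which makes it unclear who is being addressed. Suggest splitting it into one sentence for distros and similar vendors pointing them to distros@openwall, and one for everyone else. The second paragraph says "contact the curl security team" without saying how; pointing to the "curl-security (at haxx dot se)" section that follows would make the contact path explicit.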