Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

doc: add extra step reporter pre-approval #44806

Merged
merged 1 commit into from Oct 2, 2022
Merged

doc: add extra step reporter pre-approval #44806

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
6 changes: 6 additions & 0 deletions doc/contributing/security-release-process.md
View file
Open in desktop
Expand Up @@ -44,6 +44,8 @@ The current security stewards are documented in the main Node.js
the date in the slug so that it will move to the top of the blog list.)
* (Consider using a [Vulnerability Score System](https://www.first.org/cvss/calculator/3.1)
to identify severity of each report)
* Share the patch with the reporter when applicable.
It will increase the fix accuracy.
* [ ] pre-release: _**LINK TO PR**_
* [ ] post-release: _**LINK TO PR**_
* List vulnerabilities in order of descending severity
Expand All @@ -66,6 +68,10 @@ The current security stewards are documented in the main Node.js
* [ ] Check that all vulnerabilities are ready for release integration:
* PRs against all affected release lines or cherry-pick clean
* Approved
* (optional) Approved by the reporter
* Build and send the binary to the reporter according to its architecture
and ask for a review. This step is important to avoid insufficient fixes
between Security Releases.
* Pass `make test`
* Have CVEs
* Make sure that dependent libraries have CVEs for their issues. We should
Expand Down