Commit f9739a8

mhdawson authored and targos committed
doc: add request to hold off publicising sec releases

- We've often seen tweets go out early before announcement and other parts of the security release complete
- Make an explicit ask that collaborators avoid doing this by gating on the tweet from the Node.js account
- Releasers would still be free to tweet earlier as they know when the process is complete.

Signed-off-by: Michael Dawson <mdawson@devrus.com>
PR-URL: #46702
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Akhil Marsonya <akhil.marsonya27@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>

1 parent b2a80d7 commit f9739a8

1 file changed: +8 -0 lines changed

‎doc/contributing/security-release-process.md‎

@@ -118,6 +118,7 @@ out a better way, forward the email you receive to
118118
`oss-security@lists.openwall.com` as a CC.
119119

120120
* [ ] Create a new issue in [nodejs/tweet][]
121+
121122
```text
122123
Security release pre-alert:
123124
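Review bot: The only change in this hunk is the blank line added after the "Create a new issue in [nodejs/tweet][]" item (new line 121), and the commit message does not mention it. If it is needed so the fenced `text` template below renders correctly, say so in the commit message; otherwise drop it so the diff stays limited to the policy text.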
@@ -130,6 +131,13 @@ out a better way, forward the email you receive to
130131
https://nodejs.org/en/blog/vulnerability/month-year-security-releases/
131132
```
132133

134+
We specifically ask that collaborators other than the releasers and security
135+
steward working on the security release do not tweet or publicise the release
136+
until the tweet from the Node.js twitter handle goes out. We have often
137+
seen tweets sent out before the release and associated announcements are
138+
complete which may confuse those waiting for the release and also takes
139+
away from the work the releasers have put into shipping the releases.
140+
133141
* [ ] Request releaser(s) to start integrating the PRs to be released.
134142

135143
* [ ] Notify [docker-node][] of upcoming security release date: _**LINK**_
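
Review bot: "the tweet from the Node.js twitter handle" (new lines 135-136) is ambiguous as the gate, because the paragraph sits directly under the nodejs/tweet pre-alert template, which is itself a tweet request for the same account; name the release announcement tweet explicitly so the pre-alert is not read as clearance to publicise. Wording in the same paragraph: add a comma before "which may confuse", change "takes away" to "take away" to agree with "tweets", and capitalise "Twitter".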
