vorlon      08/02/13 12:28:54

  Modified:             vulnerability-policy.xml coordinator_guide.xml
  Log:
  adding releng sections

Revision  Changes    Path
1.19                 xml/htdocs/security/en/vulnerability-policy.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/vulnerability-policy.xml?rev=1.19&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/vulnerability-policy.xml?rev=1.19&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/vulnerability-policy.xml?r1=1.18&r2=1.19

Index: vulnerability-policy.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/vulnerability-policy.xml,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- vulnerability-policy.xml	1 May 2007 18:45:54 -0000	1.18
+++ vulnerability-policy.xml	13 Feb 2008 12:28:53 -0000	1.19
@@ -5,6 +5,12 @@
 <author title="Author">
   <mail link="koon@g.o">Thierry Carrez</mail>
 </author>
+<author title="Author">
+  <mail link="jaervosz@g.o">Sune Kloppenborg Jeppesen</mail>
+</author>
+<author title="Author">
+  <mail link="vorlon@g.o">Matthias Geerdsen</mail>
+</author>
 
 <abstract>
 This document describes the policy used in Gentoo Linux to treat
@@ -16,8 +22,8 @@
 <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
 <license/>
 
-<version>1.2.5</version>
-<date>March 4, 2007</date>
+<version>1.2.6</version>
+<date>2008-02-13</date>
 
 <chapter>
 <title>Scope</title>
@@ -97,6 +103,22 @@
 </body>
 </section>
 <section>
+<title>Release Engineering</title>
+<body>
+<p>
+The Release Engineering ("releng") project appoints a developer to be the 
+primary point of contact for security issues.
+</p>
+<p>
+Release Engineering informs the Gentoo Security Project when a first tree 
+snapshot is taken for media releases. Beginning with the first snapshot until 
+the official media release ("release preparation period"), Release Engineering 
+(the appointed security liaison in case of confidential issues) should be cc'd 
+on each security bug entering the stabilization phase.
+</p>
+</body>
+</section>
+<section>
 <title>Kernels</title>
 <body>
 
@@ -426,7 +448,8 @@
 <li>once an ebuild is committed, evaluate what keywords are needed for the fix
     ebuild and get arch-specific teams to test and mark
     the ebuild stable on their architectures (arch-teams should be cc'd on
-    the bug) and set status whiteboard to <c>stable</c></li>
+    the bug, as well as releng during release preparation) and set status 
+    whiteboard to <c>stable</c></li>
 <li>arch-maintainers should mark the ebuild stable if there is no regression
     in the fix ebuild compared to the latest vulnerable version</li>
 <li>in parallel, writing a draft GLSA using the GLSAMaker tool</li>



1.19                 xml/htdocs/security/en/coordinator_guide.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/coordinator_guide.xml?rev=1.19&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/coordinator_guide.xml?rev=1.19&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/coordinator_guide.xml?r1=1.18&r2=1.19

Index: coordinator_guide.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/coordinator_guide.xml,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- coordinator_guide.xml	6 Jul 2007 13:32:23 -0000	1.18
+++ coordinator_guide.xml	13 Feb 2008 12:28:53 -0000	1.19
@@ -8,6 +8,9 @@
 <author title="Author">
   <mail link="jaervosz@g.o">Sune Kloppenborg Jeppesen</mail>
 </author>
+<author title="Author">
+  <mail link="vorlon@g.o">Matthias Geerdsen</mail>
+</author>
 
 <abstract>
 This document contains procedures, tips and tricks applying to the
@@ -18,8 +21,8 @@
 <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
 <license/>
 
-<version>0.8.4</version>
-<date>January 24, 2007</date>
+<version>0.8.5</version>
+<date>2008-02-13</date>
 
 <chapter>
 <title>Prerequisites</title>
@@ -197,9 +200,9 @@
 Sometimes a bug is communicated to us under the promise we'll keep it secret
 until a public release. Restricted bugs have the "Gentoo Security" checkbox
 checked and therefore can only be accessed by Gentoo Security Team members.
-External people (package maintainer, arch testers) may be added on a per-name
-basis, aliases should never be used (because they are too wide and won't allow
-bug comments).
+External people (package maintainer, arch testers, Release Engineering) may be
+added on a per-name basis, aliases should never be used (because they are too
+wide and won't allow bug comments).  
 </p>
 
 <p>
@@ -501,6 +504,11 @@
 </p>
 
 <p>
+During a release preparation period you should also Cc: Release Engineering
+(release@g.o) on all bugs with [stable] status.
+</p>
+
+<p>
 If the arch teams take too much time testing and changing the KEYWORDS, or
 they refuse to mark stable a package due to outstanding problems, the bug
 enters [stable+] status. We must track down arch-maintainers to have them



-- 
gentoo-commits@g.o mailing list