author | Alex Gaynor <alex.gaynor@gmail.com> | 2018-08-30 12:47:16 -0400 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-08-30 12:47:16 -0400 |
commit | 00c0b237732412c0e360217048178f7952031901 (patch) | |
tree | 577e29e13db603123163eb95da3ffff420191bec /docs | |
parent | ef3b38d2ac381ecce025bea6ec5a9388b0901360 (diff) | |
Fixes #4357 -- document the additional release steps for a security release (#4429)
* Fixes #4357 -- document the additional release steps for a security release
* One additional step
* Fix a few typos
* this is a word
* link these
Diffstat (limited to 'docs')
-rw-r--r-- | docs/doing-a-release.rst | 16 | ||||
-rw-r--r-- | docs/spelling_wordlist.txt | 1 |
2 files changed, 17 insertions, 0 deletions
diff --git a/docs/doing-a-release.rst b/docs/doing-a-release.rst index 45617985..f87a4499 100644 --- a/docs/doing-a-release.rst +++ b/docs/doing-a-release.rst @@ -3,6 +3,20 @@ Doing a release Doing a release of ``cryptography`` requires a few steps. +Security Releases +----------------- + +In addition to the other steps described below, for a release which fixes a +security vulnerability, you should also include the following steps: + +* Request a `CVE from MITRE`_. Once you have received the CVE, it should be + included in the :doc:`changelog`. Ideally you should request the CVE before + starting the release process so that the CVE is available at the time of the + release. +* Ensure that the :doc:`changelog` entry credits whoever reported the issue. +* The release should be announced on the `oss-security`_ mailing list, in + addition to the regular announcement lists. + Verifying OpenSSL version ------------------------- @@ -78,6 +92,8 @@ Post-release tasks * Send an email to the `mailing list`_ and `python-announce`_ announcing the release. +.. _`CVE from MITRE`: https://cveform.mitre.org/ +.. _`oss-security`: http://www.openwall.com/lists/oss-security/ .. _`upgrading OpenSSL issue template`: https://github.com/pyca/cryptography/issues/new?template=openssl-release.md .. _`milestone`: https://github.com/pyca/cryptography/milestones .. _`mailing list`: https://mail.python.org/mailman/listinfo/cryptography-dev diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt index 225ee3af..e8b9098f 100644 --- a/docs/spelling_wordlist.txt +++ b/docs/spelling_wordlist.txt @@ -10,6 +10,7 @@ boolean Botan Brainpool Capitan +changelog Changelog ciphertext codebook |
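Review bot: The `oss-security` link target added in the second hunk of docs/doing-a-release.rst uses http://www.openwall.com/lists/oss-security/, while the `CVE from MITRE` target added beside it and the existing targets in the context lines all use https; suggest switching this one to https as well. In the same hunk, the existing post-release bullet "Send an email to the `mailing list`_ and `python-announce`_ announcing the release." does not mention oss-security, so someone working only from that checklist could skip the security announcement; a short pointer there back to the Security Releases section would close the gap.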