...

    1. Open a JIRA "private security" issue.  It must be an issue, not just a change in "type".  Just changing the type doesn't help.
    2. Don't open pull requests; do a direct commit.  (David construct email on creating private repo for more extensive commit processes when needed).
    3. Cut the security releases including release notes.
    4. Community Notification
    5. After announcement, create JIRAs.
    6. Three possibilities: 
      1. No grace period - Everyone knows before people can patch + people who follow many projects on bugtraq know right away
      2. 15 business day grace period - People watching bugtraq will be unhappy with what looks like sloppy reporting + Lets adopters try to patch first
      3. Short grace period - People don't really have time to benefit.
    7. Public disclosure: bugtraq

...