daohualiuxiang
/
node
mirror of https://github.com/nodejs/node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

doc: update security release process 

- update security release process to reflect current way to
  ask for tweet to amplify security release blog posts.

Signed-off-by: Michael Dawson <midawson@redhat.com>

PR-URL: https://github.com/nodejs/node/pull/50166
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
pull/50206/head
Michael Dawson 2023-10-12 16:44:55 +00:00 committed by Michael Dawson
parent 0c5696248b
commit 356b4a268a
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
doc/contributing/security-release-process.md
View File

@ -120,7 +120,8 @@ The google groups UI does not support adding a CC, until we figure
out a better way, forward the email you receive to
`oss-security@lists.openwall.com` as a CC.
* [ ] Send a message to `#nodejs-social` in OpenJS Foundation slack
* [ ] Post in the [nodejs-social channel][]
in the OpenJS slack asking for amplication of the blog post.
```text
Security release pre-alert:
@ -179,7 +180,8 @@ out a better way, forward the email you receive to
For more information see: https://nodejs.org/en/blog/vulnerability/month-year-security-releases/
```
* [ ] Create a new issue in [nodejs/tweet][]
* [ ] Post in the [nodejs-social channel][]
in the OpenJS slack asking for amplication of the blog post.
```text
Security release:
@ -238,5 +240,5 @@ The steps to correct CVE information are:
[H1 CVE requests]: https://hackerone.com/nodejs/cve_requests
[docker-node]: https://github.com/nodejs/docker-node/issues
[email]: https://groups.google.com/forum/#!forum/nodejs-sec
[nodejs-social channel]: https://openjs-foundation.slack.com/archives/C0142A39BNE
[nodejs/build]: https://github.com/nodejs/build/issues
[nodejs/tweet]: https://github.com/nodejs/tweet/issues