doc: mention where to push security commits

PR-URL: https://github.com/nodejs/node/pull/44691 Reviewed-By: Danielle Adams <adamzdanielle@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Myles Borins <myles.borins@gmail.com>
2022-09-16 18:32:11 -03:00 · 2022-09-16 18:32:11 -03:00 · 68a3618bb4
parent 50329ae22d
commit 68a3618bb4
1 changed files with 16 additions and 0 deletions
--- a/doc/contributing/releases.md
+++ b/doc/contributing/releases.md
@ -263,6 +263,19 @@ branch.
 $ git checkout -b v1.2.3-proposal upstream/v1.x-staging
 ```

+<details>
+<summary>Security release</summary>
+
+When performing Security Releases, the `vN.x.x-proposal` branch should be
+branched off of `vN.x`.
+
+```console
+$ git checkout -b v1.2.3-proposal upstream/v1.x
+git cherry-pick  ...  # cherry-pick nodejs-private PR commits directly into the proposal
+```
+
+</details>
+
 ### 3. Update `src/node_version.h`

 Set the version for the proposed release using the following macros, which are
@ -458,6 +471,9 @@ Notable changes:
 PR-URL: TBD
 ```

+**Note**: Ensure to push the proposal branch to the nodejs-private repository.
+Otherwise, you will leak the commits before the security release.
+
 </details>

 ### 6. Propose release on GitHub