branch master updated: doc: Add document on security advisories.
From: Ludovic Courtès
Subject: branch master updated: doc: Add document on security advisories.
Date: Wed, 10 Feb 2021 06:46:25 -0500
This is an automated email from the git hooks/post-receive script.
civodul pushed a commit to branch master
in repository maintenance.
The following commit(s) were added to refs/heads/master by this push:
new 1bc3495 doc: Add document on security advisories.
1bc3495 is described below
commit 1bc34954ec4217a28f1ad6445a149f52b4f7f3a0
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Wed Feb 10 12:45:54 2021 +0100
doc: Add document on security advisories.
* doc/security-advisories.org: New file.
---
doc/security-advisories.org | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
diff --git a/doc/security-advisories.org b/doc/security-advisories.org
new file mode 100644
index 0000000..ef560c8
--- /dev/null
+++ b/doc/security-advisories.org
@@ -0,0 +1,37 @@
+#+TITLE: Addressing and announcing security issues
+
+This document describes the process to follow when reporting security
+issues in Guix.
+
+* Identify the problem and estimate its impact
+
+ This discussion usually happens on the private guix-security@gnu.org
+ list.
+
+* Work on a fix or workaround
+
+ This may happen on guix-security, or it could be tracked in the bug
+ tracker.
+
+ In general, bringing issues to public scrutiny can help raise
+ awareness and find better solutions.
+
+* Publicize bug and patch at bug-guix@gnu.org
+
+ That gives a bug number that can be used to track progress.
+
+* Commit bug fix followed by a =etc/news.scm= entry
+
+ Report the commit ID in the bug tracker.
+
+* Announce the issue
+
+** blog post with the “Security Advisory†tag
+
+** message to info-guix@gnu.org
+
+** oss-security list (?)
+
+* Assign a CVE number via https://cveform.mitre.org/ (?)
+
+ See also https://cve.mitre.org/cve/request_id.html.
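Review bot: The "Assign a CVE number" heading comes after "Announce the issue", so as written the blog post, the info-guix message and any oss-security post would go out before an identifier exists; consider moving the CVE step ahead of the announcement, or stating that the advisory is updated once the number is assigned. The "(?)" markers on the oss-security and CVE headings leave it open whether those steps are part of the process; resolve them or mark the steps explicitly as optional. The intro also says the document covers "reporting security issues", while the title and the steps describe handling and announcing them, and the text does not say at what point a discussion on the private guix-security list may move to the public bug tracker.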