There have been several discussions in recent PRs about
the docs related to contributing not being very discoverable.
Move these docs from doc/guides/ to doc/contributing.
Signed-off-by: Michael Dawson <mdawson@devrus.com>
PR-URL: https://github.com/nodejs/node/pull/41408
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Derek Lewis <DerekNonGeneric@inf.is>
Reviewed-By: Mary Marchini <oss@mmarchini.me>
Reviewed-By: James M Snell <jasnell@gmail.com>
I'll submit a follow on PR to better document security
stewards along with their onboarding. For now just fix
the list so it's not out of date.
Signed-off-by: Michael Dawson <mdawson@devrus.com>
PR-URL: https://github.com/nodejs/node/pull/41128
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
- Since we now just reference the nodejs blog post in the
post to the nodejs-sec mailing list, change the order
so the blog post comes first
Signed-off-by: Michael Dawson <mdawson@devrus.com>
PR-URL: https://github.com/nodejs/node/pull/40725
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Voltrex <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/40358
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
GitHub Actions could have an outage and we should abort the publishing
of the PR if they are.
PR-URL: https://github.com/nodejs/node/pull/40333
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit adds a suggestion to create a GitHub issue for the security
release tweets. Currently, the security release document requests that
these tweets be created by asking in the #nodejs-social channel. Someone
from that channel would then create an issue, so we could just create
the issue ourselves.
PR-URL: https://github.com/nodejs/node/pull/39940
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This commit adds a note about only creating a CVE for Node.js
vulnerabilities.
The motivation for this is a recent HackerOne report where I created a
CVE for a c-ares issue. This CVE should have been created by the c-ares
project, and it was later, but we never updated our HackerOne report to
use their CVE number. Hopefully this extra note in the release doc will
help us check for this situation and avoid this in the future.
PR-URL: https://github.com/nodejs/node/pull/39845
Refs: https://hackerone.com/reports/1178337
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
- update instructions on adding cc for email to
nodejs-sec mailing list as UI does not allow it
to be done directly.
Signed-off-by: Michael Dawson <mdawson@devrus.com>
PR-URL: https://github.com/nodejs/node/pull/39674
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This commit updates the security release process document with a bullet
point to ask the HackerOne reporter if they would like to be credited
for reporting the vulnerability. We might also be able to add a question
like this to the HackerOne template when a report is created, but it
would still be good to have this bullet point to remember to include the
information in the security release blog post.
PR-URL: https://github.com/nodejs/node/pull/39585
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This commit adds the contents that should go into the docker-node and
build issues when doing a security release.
PR-URL: https://github.com/nodejs/node/pull/39215
Reviewed-By: Richard Lau <rlau@redhat.com>
This commit adds instructions for adding machine-readable json files to
the security-wg repo in the security release guide.
PR-URL: https://github.com/nodejs/node/pull/39220
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit adds a suggestion for a template to be used as part of the
security release process. One step of this process is to create an email
to nodejs-sec group and currently would contain a copy and pasted
version of what is published on nodejs.org. This suggestion is to
instead use a link to the blog post.
PR-URL: https://github.com/nodejs/node/pull/38290
Refs: https://github.com/nodejs/node/issues/38143
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Where possible used HEAD in links
Signed-off-by: Michael Dawson <mdawson@devrus.com>
PR-URL: https://github.com/nodejs/node/pull/37421
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Zijian Liu <lxxyxzj@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
These are exceedingly minor, but I'm doing them anyway for consistency
across our docs (whether internal process docs or user-facing docs).
* ASCII order for references
* Minor punctuation adjustments
* Use product capitalization for Twitter and Slack
* Sentence-case for header
PR-URL: https://github.com/nodejs/node/pull/35154
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
- update security process to reflect current way
to request tweet/retweet of security release
Signed-off-by: Michael Dawson <mdawson@devrus.com>
PR-URL: https://github.com/nodejs/node/pull/35107
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Ash Cripps <ashley.cripps@ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/32926
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Zeyu Yang <himself65@outlook.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/31679
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
* Updated cpp style guide file name and location and fixed links to
this file.
* Updated collaborator guide file name and location and fixed links
to this file.
* Updated documentation style guide file name and location and updated
links referencing the file.
* Moved files to appropriate location and updated naming style for
some of them.
Fixes: https://github.com/nodejs/node/issues/31741
PR-URL: https://github.com/nodejs/node/pull/31792
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
2020-03-04 13:13:07 +00:00
Renamed from doc/guides/security_release_process.md