maintainers: add checklist for security releases #11400

Merged

fricklerhandwerk
Contributor

Motivation

I promised I'll do it, to avoid omissions in the future.

Context

Now and then we release security patches. Make sure it's a routine task to minimize risk, uncertainty, and disruption.

Priorities and Process

Add 👍 to pull requests you find important.

The Nix maintainer team uses a GitHub project board to schedule and track reviews.

@nixos-discourse

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/2024-09-02-nix-team-meeting-minutes-174/51512/2

Member

@roberth roberth left a comment

Good communication is essential because we may only get one chance

@nixos-discourse

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/nar-unpacking-vulnerability-post-mortem/52301/1

Member

@djacu djacu left a comment

Looks like a solid improvement to case handling and communication.

@nixos-discourse

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/nix-2-24-8-release-to-fix-builtin-fetchurl-security-issue/52732/7

Co-Authored-By: Robert Hensing <[email protected]>
Co-authored-by: Dan Baker <[email protected]>
@fricklerhandwerk fricklerhandwerk merged commit c91c1cd into NixOS:master Oct 31, 2024
7 checks passed