add cve #15
@@ -14,19 +14,26 @@ The release process uses GitHub actions, make sure that the actions are active b | |
Register CVE | ||
^^^^^^^^^^^^ | ||
|
||
To be added | ||
As soon as a CVE is identified, create a security advisory on `GitHub <https://github.com/ome/openmicroscopy/security/advisories>`_. | ||
The work to fix the CVE will be done using the private copy of `ome/openmicroscopy <https://github.com/ome/openmicroscopy/>`_ and the private copies of the Java components. | ||
What about OMERO.web vulnerabilities? Should these be captured by this document? Are the advisories expected to be drafted on https://github.com/ome/omero-web/security/advisories?
||
The release process needs to eb adjusted in that case. | ||
typo

maybe just add "...as described below" to avoid confusion.
||
|
||
Release process | ||
^^^^^^^^^^^^^^^ | ||
|
||
Source code release | ||
------------------- | ||
|
||
To make a new release: | ||
To make a new public release: | ||
What's the difference between a public and a private release? Why would you do one vs another?
||
- Merge all contributions on the ``develop`` branch. | ||
- Ensure that all the dependencies have been bumped via the `update <https://github.com/ome/openmicroscopy/blob/develop/.github/workflows/update.yaml>`_ GitHub action which is run hourly. The action will open a Pull Request that updates the `omero.properties <https://github.com/ome/openmicroscopy/blob/develop/etc/omero.properties>`_ file. Merge the Pull Request. You can also execute locally the script `update_dependencies.sh <https://github.com/ome/openmicroscopy/blob/develop/update_dependencies.sh>`_ manually if you wish. | ||
- Add an entry to `history.rst <https://github.com/ome/openmicroscopy/blob/develop/history.rst>`_. | ||
|
||
To make a private release: | ||
- Squash all the commits | ||
Which commits?
||
- Ensure that all the dependencies have been bumped using the script :file:update_dependencies.sh | ||
- Add an entry to :file:history.rst | ||
|
||
After committing the changes, a signed tag must be created for the released version | ||
using :command:`git tag -s`:: | ||
|
||
|
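Review bot: In the added private-release steps, :file:update_dependencies.sh and :file:history.rst are missing the backticks that reStructuredText roles require, so they will not render as file references; write them as :file:`update_dependencies.sh` and :file:`history.rst`, matching the :command:`git tag -s` form used a few lines below. The bullet list under "To make a private release:" also needs a blank line before "- Squash all the commits", as the public-release list has, otherwise docutils folds the list into the preceding paragraph. "The release process needs to eb adjusted in that case" should read "needs to be adjusted", and since both lists bump dependencies and add a history entry, one sentence stating what actually differs in the private flow (for example, that the work happens in the private copies named under Register CVE) would make clear when each variant applies.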
CVE commonly refers to a list of disclosed vulnerabilities, maybe "As soon as a vulnerability is identified"
Also are there some guidelines on the advisory? Should this be draft?