gitlab.com/gitlab-org/gitaly.git
author Paul Okstad <pokstad@gitlab.com> 2019-08-13 00:06:51 +0300
committer John Cai <jcai@gitlab.com> 2019-08-13 00:06:51 +0300
commit 35a5f43ada6328c2dfbe1b7b51aa691959238a4f
tree f9533c0087afdf0ec0b6ca773d5126d8bc1a27e6
parent a3d82f943f96839989a9bed8b6ac8c17ca497fb2
Iterate on security process doc
[skip CI]
-rw-r--r-- doc/PROCESS.md 13
1 files changed, 9 insertions, 4 deletions
diff --git a/doc/PROCESS.md b/doc/PROCESS.md
index 80e7600aa..3ae6124a2 100644
--- a/doc/PROCESS.md
+++ b/doc/PROCESS.md
@@ -49,9 +49,12 @@ security patches by restricting the pushes to `dev.gitlab.org` hosted origins.
As a sanity check, you can verify your repository only points to remotes in
`dev.gitlab.org` by running: `git remote -v`
-1. **Contributors:** Start your security merge request against master in Gitaly
- in dev. Once finished and approved, **DO NOT MERGE**. Merging into master
- will happen later after the security release is public.
+1. **Contributors:**
+ - Start your security merge request against master in Gitaly on dev.gitlab.org
+ - Your branch name should start with `security-` to prevent unwanted
+ disclosures on the public gitlab.com (this branch name pattern is protected).
+ - Once finished and approved, **DO NOT MERGE**. Merging into master
+ will happen later after the security release is public.
1. **Contributors:** For each supported version of GitLab-CE, note what version
of Gitaly you're backporting by opening
[`GITALY_SERVER_VERSION`][gitaly-ce-version] and perform the following:
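Review bot: In the added `security-` bullet, "should" reads as optional for what the parenthetical presents as the control that keeps the branch off the public gitlab.com; make it "must", and say what a contributor does if a branch was already pushed without the prefix. The parenthetical "this branch name pattern is protected" also does not say where that protection is configured or what it blocks, so a reader cannot verify it the way the `git remote -v` check above lets them verify remotes. Minor: the first sub-bullet ends without a period while the other two end with one.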
@@ -75,7 +78,9 @@ As a sanity check, you can verify your repository only points to remotes in
1. Upon successful vetting of the release, the script will provide a
command for you to actually push the tag
1. **Contributors:** Bump `GITALY_SERVER_VERSION` on the client
- (gitlab-rails) in each backported merge request against GitLab-CE.
+ (gitlab-rails) in each backported merge request against both
+ [GitLab-CE](https://dev.gitlab.org/gitlab/gitlabhq)
+ and [GitLab-EE](https://dev.gitlab.org/gitlab/gitlab-ee).
- Follow the [usual security process](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md)
1. Only after the security release occurs and the details are made public:
1. **Contributors:** Merge in your request against master on dev.gitlab.com
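Review bot: The context line right after the changed lines still says "dev.gitlab.com", while the links added here and the other visible references use dev.gitlab.org; fix the hostname in the same change so the final merge step does not point contributors at the wrong host. The bump now covers both GitLab-CE and GitLab-EE, but the backport step earlier in the list still reads "For each supported version of GitLab-CE", so either mention EE there as well or state that the CE `GITALY_SERVER_VERSION` is the reference for both.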