author | John Cai <jcai@gitlab.com> | 2023-08-24 22:20:17 +0300 |
---|---|---|
committer | John Cai <jcai@gitlab.com> | 2023-08-24 22:20:17 +0300 |
commit | 09ec1f97e6fd5774688997cd9aebbc4b2775e7fd (patch) | |
tree | cc1f33610a24061733480eb1fe027f8b5f48b32c | |
parent | e0f5aac979b770ab9dea403f7cb93450bd9e1b70 (diff) |
PROCESS: Add section for Git security release
jc/document-git-cve
-rw-r--r-- | doc/PROCESS.md | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/doc/PROCESS.md b/doc/PROCESS.md index ba695920a..d36d126e6 100644 --- a/doc/PROCESS.md +++ b/doc/PROCESS.md @@ -692,6 +692,22 @@ Before beginning work on a security fix, open a new Gitaly issue with the templa `Security Release` and follow the instructions at the top of the page for following the template. +### Git Security Release + +When there is a vulnerability discovered on the Git project, there is a process +by which we patch the vulnerability. + +```mermaid +flowchart TD + A[vulnerability validated on Git security mailing list]-->B[Community member contributes a fix] + B-->C[Fix bakes on Git security mailng list] + B-->D[A new tagged version abc is created on gitlab-org/security/git with the fix] + D-->E[Git version abc is deployed onto Gitlab.com off of gitlab-org/security/git] + C-->F[An embargo date is determined for the patch to be tagged and released] + F-->G[New versions of Git are released] + G-->I[Gitaly is modified to use the new version of Git] +``` + ## Experimental builds Push the release tag to `dev.gitlab.org/gitlab/gitaly`. After |
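Review bot: In the added mermaid flowchart, the `B-->D-->E` branch (tagging version abc on gitlab-org/security/git and deploying it to GitLab.com) is a dead end that never rejoins the `C-->F-->G-->I` path, so the diagram does not say how the early deployment relates to the embargo date or whether node I replaces the version deployed in E. Consider connecting E to the later steps, or adding a sentence under the diagram that states the ordering and who owns D, E and I. The two-line introduction only says "there is a process by which we patch the vulnerability"; it would help to say there that the fix is deployed from the security mirror before the public release, since that is what the diagram shows. Smaller points in the same block: node C has the typo "mailng" for "mailing", node E writes "Gitlab.com" instead of "GitLab.com", node A starts lowercase while the other nodes are capitalized, the node ids skip from G to I, and "discovered on the Git project" reads better as "discovered in the Git project".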