kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Merge branch 'security-release-ownership' into 'master'

Browse source 
Security release ownership

We saw the following problems around the 7.4.4 release:

- the fix got merged into master while it should have been held back
- there was a security fix but no release manager to release it

With this change we want to improve our process and documentation
to prevent situations like this in the future.

See merge request !1273
This commit is contained in:
Marin Jankovski 2014-11-24 15:59:09 +00:00
commit 8a0abbb757
3 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
doc/release/monthly.md
View file

@ -8,7 +8,9 @@ NOTE: This is a guide for GitLab developers.
### **2. Release Manager**
A release manager is selected that coordinates the entire release of this version. The release manager has to make sure all the steps below are done and delegated where necessary. This person should also make sure this document is kept up to date and issues are created and updated.
A release manager is selected that coordinates all releases the coming month, including the patch releases for previous releases.
The release manager has to make sure all the steps below are done and delegated where necessary.
This person should also make sure this document is kept up to date and issues are created and updated.
### **3. Create an overall issue**

1
doc/release/patch.md
View file

@ -17,6 +17,7 @@ Otherwise include it in the monthly release and note there was a regression fix
1. Create an issue on private GitLab development server
1. Name the issue "Release X.X.X CE and X.X.X EE", this will make searching easier
1. Fix the issue on a feature branch, do this on the private GitLab development server
1. If it is a security issue, then assign it to the release manager and apply a 'security' label
1. Consider creating and testing workarounds
1. After the branch is merged into master, cherry pick the commit(s) into the current stable branch
1. Make sure that the build has passed and all tests are passing

2
doc/release/security.md
View file

@ -14,7 +14,9 @@ Please report suspected security vulnerabilities in private to <support@gitlab.c
1. Verify that the issue can be reproduced
1. Acknowledge the issue to the researcher that disclosed it
1. Inform the release manager that there needs to be a security release
1. Do the steps from [patch release document](doc/release/patch.md), starting with "Create an issue on private GitLab development server"
1. The MR with the security fix should get a 'security' label and be assigned to the release manager
1. Create feature branches for the blog post on GitLab.com and link them from the code branch
1. Merge and publish the blog posts
1. Send tweets about the release from `@gitlabhq`