130
edits
Security/Firefox/Security Bug Life Cycle/Security Advisories: Difference between revisions
Jump to navigation
Jump to search
Security/Firefox/Security Bug Life Cycle/Security Advisories (view source)
Revision as of 20:47, 1 October 2024
, 1 October 2024→Get review
(Fix typos) |
|||
| Line 70: | Line 70: | ||
Following that round, send the .yml files to the security-group list and solicit more feedback. '''If the release is on a Tuesday, this should be done no later than Friday evening.''' | Following that round, send the .yml files to the security-group list and solicit more feedback. '''If the release is on a Tuesday, this should be done no later than Friday evening.''' | ||
=== Add them to the repository === | |||
``` | |||
// First time: | |||
git clone https://github.com/mozilla/foundation-security-advisories | |||
cd foundation-security-advisories | |||
git remote rename origin origin-public | |||
git remote add origin git@github.com:mozilla/foundation-security-advisories-private.git | |||
// Every time: | |||
git pull origin-public master | |||
git checkout -b adv-131 | |||
// Add your yaml files | |||
git commit | |||
git push origin | |||
``` | |||
The above instructions for setup will check out the public and private repos and will rename the public one so it's harder to accidentally push to it. | |||
Each advisory cycle, you will update your local repo with the canonical source of truth (the public master branch), create a branch for yourself, you commit your files, and you submit the branch to the private repo. | |||
=== Assign CVEs === | === Assign CVEs === | ||