14
edits
Security/Firefox/Security Bug Life Cycle/Security Advisories: Difference between revisions
Security/Firefox/Security Bug Life Cycle/Security Advisories (view source)
Revision as of 13:18, 2 December 2025
, 2 December 2025Add that changing csectype- keywords can also be necessary.
(Add note about bugzilla api key) |
(Add that changing csectype- keywords can also be necessary.) |
||
| Line 13: | Line 13: | ||
# For each bug, determine if it should get an advisory and assign the appropriate whiteboard tag on Bugzilla | # For each bug, determine if it should get an advisory and assign the appropriate whiteboard tag on Bugzilla | ||
# Next run <code>./gen_yml.py $VERSIONNUMBER --all --output-path ../foundation-security-advisories/announce/2025</code> (you need to set a Bugzilla API key) | # Next run <code>./gen_yml.py $VERSIONNUMBER --all --output-path ../foundation-security-advisories/announce/2025</code> (you need to set a Bugzilla API key) | ||
# Fix any errors you encounter - the idea is that we fix e.g. missing categories when we encounter them instead of trying to find them up front | # Fix any errors you encounter - the idea is that we fix e.g. missing categories when we encounter them instead of trying to find them up front. Sometimes the fix is also to fixe the csectype keywords of the bug. See https://wiki.mozilla.org/Security_Severity_Ratings/Client#csectype-_Keywords) | ||
# If you had to fix something, run it again but add <code>--id $ID</code> to ensure you overwrite the files instead of creating even more | # If you had to fix something, run it again but add <code>--id $ID</code> to ensure you overwrite the files instead of creating even more | ||
# Create a PR against the private repo and get a review from the reviewer in the rotation | # Create a PR against the private repo and get a review from the reviewer in the rotation | ||