summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2016-10-24 15:02:55 -0400
committerTim Graham <timograham@gmail.com>2016-10-24 15:02:55 -0400
commit6fdb12cdccc6b33714f7a93ca8cc8d9c300b0f82 (patch)
tree6e5ce0106cd315c5aada3fbcddf5e7a442f88388 /docs
parent19f1321fa44c45a737da0023c2122e711057b554 (diff)
Documented how to request CVE IDs.
Diffstat (limited to 'docs')
-rw-r--r--docs/internals/howto-release-django.txt7
1 files changed, 5 insertions, 2 deletions
diff --git a/docs/internals/howto-release-django.txt b/docs/internals/howto-release-django.txt
index c5254a8af3..40e5c25b34 100644
--- a/docs/internals/howto-release-django.txt
+++ b/docs/internals/howto-release-django.txt
@@ -92,8 +92,11 @@ any time leading up to the actual release:
the release. We maintain a list of who gets these pre-notification emails in
the private ``django-core`` repository. Send the mail to
``security@djangoproject.com`` and BCC the pre-notification recipients.
- This email should be signed by the key you'll use for the release, and
- should include patches for each issue being fixed.
+ This email should be signed by the key you'll use for the release and
+ should include `CVE IDs <https://cveform.mitre.org/>`_ (requested with
+ Vendor: djangoproject, Product: django) and patches for each issue being
+ fixed. Also, :ref:`notify django-announce <security-disclosure>` of the
+ upcoming security release.
#. As the release approaches, watch Trac to make sure no release blockers
are left for the upcoming release.