summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorCarlton Gibson <carlton.gibson@noumenal.es>2019-06-03 09:44:39 +0200
committerCarlton Gibson <carlton@noumenal.es>2019-06-04 16:40:25 +0200
commit8a187bfa3b20f5234024fe6afbdcac161ac13a78 (patch)
tree9a54020a02b44f94d2fed374b3c63f76d2556fe4 /docs
parent5248abe9b0425c1fc989c60a55860cdb4d135bcf (diff)
Updated release process notes for oss-security list content guidelines.
c.f. https://oss-security.openwall.org/wiki/mailing-lists/oss-security#list-content-guidelines
Diffstat (limited to 'docs')
-rw-r--r--docs/internals/howto-release-django.txt9
1 files changed, 7 insertions, 2 deletions
diff --git a/docs/internals/howto-release-django.txt b/docs/internals/howto-release-django.txt
index deee3b614c..d201f60d8e 100644
--- a/docs/internals/howto-release-django.txt
+++ b/docs/internals/howto-release-django.txt
@@ -357,8 +357,13 @@ Now you're ready to actually put the release out there. To do this:
#. Post the release announcement to the |django-announce|, |django-developers|,
and |django-users| mailing lists. This should include a link to the
- announcement blog post. If this is a security release, also include
- oss-security@lists.openwall.com.
+ announcement blog post.
+
+#. If this is a security release, send a separate email to
+ oss-security@lists.openwall.com. Provide a descriptive subject, for example,
+ "Django" plus the issue title from the release notes (including CVE ID). The
+ message body should include the vulnerability details, for example, the
+ announcement blog post text. Include a link to the announcement blog post.
#. Add a link to the blog post in the topic of the `#django` IRC channel:
``/msg chanserv TOPIC #django new topic goes here``.