aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2018-08-20 11:49:58 +0200
committerDaniel Stenberg <daniel@haxx.se>2018-08-20 11:49:58 +0200
commita040ff88e4698bdee1eddc0cdb5a7fb65db49201 (patch)
tree5ab16d4eb88915efd15d2f9d69d5c7147dc5a8dd
parent4c20b20482112b8faf190efc9381dab1851bb30b (diff)
docs/SECURITY-PROCESS: now we name the files after the CVE id
-rw-r--r--docs/SECURITY-PROCESS.md9
1 files changed, 2 insertions, 7 deletions
diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md
index 0db6403c6..6ef7757ca 100644
--- a/docs/SECURITY-PROCESS.md
+++ b/docs/SECURITY-PROCESS.md
@@ -109,17 +109,12 @@ Publishing Security Advisories
1. Write up the security advisory, using markdown syntax. Use the same
subtitles as last time to maintain consistency.
-2. Name the advisory file (and ultimately the URL to be used when the flaw
- gets published), using a randomized component so that third parties that
- are involved in the process for each individual flaw will not be given
- insights about possible *other* flaws worked on in parallel.
- `adv_YEAR_RANDOM.md` has been used before.
+2. Name the advisory file after the allocated CVE id.
3. Add a line on the top of the array in `curl-www/docs/vuln.pm'.
4. Put the new advisory markdown file in the curl-www/docs/ directory. Add it
- to the git repo. Update the Makefile in the same directory to build the
- HTML representation.
+ to the git repo.
5. Run `make` in your local web checkout and verify that things look fine.