From 6fdb12cdccc6b33714f7a93ca8cc8d9c300b0f82 Mon Sep 17 00:00:00 2001 From: Tim Graham Date: Mon, 24 Oct 2016 15:02:55 -0400 Subject: [PATCH] Documented how to request CVE IDs. --- docs/internals/howto-release-django.txt | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/internals/howto-release-django.txt b/docs/internals/howto-release-django.txt index c5254a8af3..40e5c25b34 100644 --- a/docs/internals/howto-release-django.txt +++ b/docs/internals/howto-release-django.txt @@ -92,8 +92,11 @@ any time leading up to the actual release: the release. We maintain a list of who gets these pre-notification emails in the private ``django-core`` repository. Send the mail to ``security@djangoproject.com`` and BCC the pre-notification recipients. - This email should be signed by the key you'll use for the release, and - should include patches for each issue being fixed. + This email should be signed by the key you'll use for the release and + should include `CVE IDs `_ (requested with + Vendor: djangoproject, Product: django) and patches for each issue being + fixed. Also, :ref:`notify django-announce ` of the + upcoming security release. #. As the release approaches, watch Trac to make sure no release blockers are left for the upcoming release.