From 8a187bfa3b20f5234024fe6afbdcac161ac13a78 Mon Sep 17 00:00:00 2001 From: Carlton Gibson Date: Mon, 3 Jun 2019 09:44:39 +0200 Subject: [PATCH] Updated release process notes for oss-security list content guidelines. c.f. https://oss-security.openwall.org/wiki/mailing-lists/oss-security#list-content-guidelines --- docs/internals/howto-release-django.txt | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/docs/internals/howto-release-django.txt b/docs/internals/howto-release-django.txt index deee3b614ca..d201f60d8ea 100644 --- a/docs/internals/howto-release-django.txt +++ b/docs/internals/howto-release-django.txt @@ -357,8 +357,13 @@ Now you're ready to actually put the release out there. To do this: #. Post the release announcement to the |django-announce|, |django-developers|, and |django-users| mailing lists. This should include a link to the - announcement blog post. If this is a security release, also include - oss-security@lists.openwall.com. + announcement blog post. + +#. If this is a security release, send a separate email to + oss-security@lists.openwall.com. Provide a descriptive subject, for example, + "Django" plus the issue title from the release notes (including CVE ID). The + message body should include the vulnerability details, for example, the + announcement blog post text. Include a link to the announcement blog post. #. Add a link to the blog post in the topic of the `#django` IRC channel: ``/msg chanserv TOPIC #django new topic goes here``.