Documented how to request CVE IDs.

Tim Graham 2016-10-24 15:02:55 -04:00
parent 19f1321fa4
commit 6fdb12cdcc
1 changed files with 5 additions and 2 deletions

@ -92,8 +92,11 @@ any time leading up to the actual release:
the release. We maintain a list of who gets these pre-notification emails in
the private ``django-core`` repository. Send the mail to
``security@djangoproject.com`` and BCC the pre-notification recipients.
This email should be signed by the key you'll use for the release, and
should include patches for each issue being fixed.
This email should be signed by the key you'll use for the release and
should include `CVE IDs <https://cveform.mitre.org/>`_ (requested with
Vendor: djangoproject, Product: django) and patches for each issue being
fixed. Also, :ref:`notify django-announce <security-disclosure>` of the
upcoming security release.
#. As the release approaches, watch Trac to make sure no release blockers
are left for the upcoming release.
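Review bot: The CVE request is a prerequisite for this email, but it appears only as a parenthetical inside the sentence listing the email's contents ("should include `CVE IDs <https://cveform.mitre.org/>`_ (requested with Vendor: djangoproject, Product: django)"). Consider giving it its own sentence or a preceding step so the releaser knows to request the IDs before drafting the pre-notification, and attach the link to wording such as "request form" rather than to "CVE IDs", since the target is the form and not a list of IDs. The added "Also, notify django-announce" sentence is a separate action from sending the pre-notification mail and would read more clearly as its own "#." item in the list.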