Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Update security release process documentation #407
When this document was written, it presupposed a private release process, especially as it relates to pre-announcing security-related releases publicly.
Until we are able to pre-build and stage release artifacts for security releases, there is a gap of multiple hours between when fixes are pushed to public branches and when release artifacts for all release branches are available. Pre-announcing security-related changes will be landing during that time and drawing attention to the issues before fixed versions are available has consistently been deemed more harmful than helpful.
This PR updates this document to reflect the current security release process. As capability for private release build/staging is achieved, we can consider how to reintroduce public pre-release notification to the process.
[APPROVALNOTIFIER] This PR is APPROVED
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing