Merge branch 'full-post-to-oss-security' of /home/git/repositories/gitlab/gitlabhq

Dmitriy Zaporozhets
2 parents 6cc3cc51 6413bfb5
Showing 1 changed file with 2 additions and 2 deletions Show diff stats
doc/release/security.md
@@ -26,10 +26,10 @@ Please report suspected security vulnerabilities in private to support@gitlab.co
 1. Send out an email to the subscribers mailing list on MailChimp
 1. Send out an email to [the community google mailing list](https://groups.google.com/forum/#!forum/gitlabhq)
 1. Send out an email to [the GitLab newsletter list](http://gitlab.us5.list-manage.com/subscribe?u=498dccd07cf3e9482bee33ba4&id=98a9a4992c)
-1. Post a signed copy of our announcement to [oss-security](http://www.openwall.com/lists/oss-security/) and request a CVE number
+1. Post a signed copy of our complete announcement to [oss-security](http://www.openwall.com/lists/oss-security/) and request a CVE number
 1. Add the security researcher to the [Security Researcher Acknowledgments list](http://www.gitlab.com/vulnerability-acknowledgements/)
 1. Thank the security researcher in an email for their cooperation
-1. Update the blogposts when we receive the CVE number
+1. Update the blogpost and the CHANGELOG when we receive the CVE number
 The timing of the code merge into master should be coordinated in advance.
 After the merge we strive to publish the announcements within 60 minutes.
	@@ -26,10 +26,10 @@ Please report suspected security vulnerabilities in private to support@gitlab.co		@@ -26,10 +26,10 @@ Please report suspected security vulnerabilities in private to support@gitlab.co
26	1. Send out an email to the subscribers mailing list on MailChimp	26	1. Send out an email to the subscribers mailing list on MailChimp
27	1. Send out an email to [the community google mailing list](https://groups.google.com/forum/#!forum/gitlabhq)	27	1. Send out an email to [the community google mailing list](https://groups.google.com/forum/#!forum/gitlabhq)
28	1. Send out an email to [the GitLab newsletter list](http://gitlab.us5.list-manage.com/subscribe?u=498dccd07cf3e9482bee33ba4&id=98a9a4992c)	28	1. Send out an email to [the GitLab newsletter list](http://gitlab.us5.list-manage.com/subscribe?u=498dccd07cf3e9482bee33ba4&id=98a9a4992c)
29	-1. Post a signed copy of our announcement to [oss-security](http://www.openwall.com/lists/oss-security/) and request a CVE number	29	+1. Post a signed copy of our complete announcement to [oss-security](http://www.openwall.com/lists/oss-security/) and request a CVE number
30	1. Add the security researcher to the [Security Researcher Acknowledgments list](http://www.gitlab.com/vulnerability-acknowledgements/)	30	1. Add the security researcher to the [Security Researcher Acknowledgments list](http://www.gitlab.com/vulnerability-acknowledgements/)
31	1. Thank the security researcher in an email for their cooperation	31	1. Thank the security researcher in an email for their cooperation
32	-1. Update the blogposts when we receive the CVE number	32	+1. Update the blogpost and the CHANGELOG when we receive the CVE number
33		33
34	The timing of the code merge into master should be coordinated in advance.	34	The timing of the code merge into master should be coordinated in advance.
35	After the merge we strive to publish the announcements within 60 minutes.	35	After the merge we strive to publish the announcements within 60 minutes.