124
edits
Security/Firefox/Security Bug Life Cycle/Security Advisories: Difference between revisions
Security/Firefox/Security Bug Life Cycle/Security Advisories (view source)
Revision as of 18:26, 25 October 2019
, 25 October 2019→Assign CVEs
| Line 61: | Line 61: | ||
=== Assign CVEs === | === Assign CVEs === | ||
Typically done a day or two before the release, assign CVEs to the bugs in bugzilla, and in the yml file. TODOXXX - this should be automated. | Typically done a day or two before the release, assign CVEs to the bugs in bugzilla, and in the yml file. TODOXXX - this should be automated. (I'm thinking - assign them using a google apps script that interfaces with the spreadsheet, regenerate the yml and diff across any manual edits.) | ||
A noteworthy item is that issues that already have had a CVE assigned - for example because it's an upstream bug - should get a '''feed: false''' in the advisory, after reporter. | A noteworthy item is that issues that already have had a CVE assigned - for example because it's an upstream bug - should get a '''feed: false''' in the advisory, after reporter. | ||