Write Runbooks for Addressing CVEs #554

Open
noelmiller opened this issue Apr 10, 2024 · 0 comments

noelmiller commented Apr 10, 2024

When dealing with #553, I noticed we did not have a defined plan for dealing with CVEs. I think it would be valuable to have a runbook on how to address CVEs.

I think we should also include information in the contributing guide about how to responsibly disclose CVEs to the team.

Rough information that should go in the runbook: (thanks @bsherman)

  1. create a "war room" thread in #ublue-dev
  2. pause all dev work (PR merges, extraneous GitHub builds) until CVE is handled or agreed to allow parallel efforts
  3. coordinate to write our own announcement
  4. test images/builds as needed

dosubot bot added the stale label on Jul 10, 2024
dosubot bot closed this as not planned on Jul 17, 2024
dosubot bot removed the stale label on Jul 17, 2024
m2Giles reopened this on Jul 17, 2024