debian-mirror-gitlab/.gitlab/merge_request_templates/Security Release.md
2020-05-24 23:13:21 +05:30

2 KiB

Developer checklist

  • On "Related issues" section, write down the GitLab Security issue it belongs to (i.e. Related to <issue_id>).
  • Merge request targets master, or X-Y-stable for backports.
  • Milestone is set for the version this merge request applies to. A closed milestone can be assigned via quick actions.
  • Title of this merge request is the same as for all backports.
  • A CHANGELOG entry is added without a merge_request value, with type set to security
  • Assign to a reviewer and maintainer, per our Code Review process.
  • For the MR targeting master:
    • Ask for a non-blocking review from the AppSec team member associated to the issue in the Canonical repository. If you're unsure who to ping, ask on #sec-appsec Slack channel.
    • Ensure it's approved according to our Approval Guidelines.
  • Merge request must not close the corresponding security issue, unless it targets master.

Note: Reviewer/maintainer should not be a Release Manager

Maintainer checklist

  • Correct milestone is applied and the title is matching across all backports
  • Assigned to @gitlab-release-tools-bot with passing CI pipelines and when all backports including the MR targeting master are ready.

/label ~security