On Tue, 25 May 2021 at 10:20, Martin Krizek <[email protected]> wrote: > > On Tue, May 25, 2021 at 7:00 AM Dick Visser <[email protected]> wrote: > > > > Hi > > > > Regarding ansible release information, I don't see any dedicated security > > announcement mailing list. > > Also the functionality that GitHub offers through the project's security > > advisory page seems to be unused: > > https://github.com/ansible/ansible/security/advisories > > > > The general release notes tend to be rather long and hence it's harder to > > sieve out security fixes. > > > > Is there maybe some dedicated channel somewhere else that carries security > > related content of ansible releases? > > > > FWIW release changelogs do have a dedicated section for security > fixes, for example see: > https://github.com/ansible/ansible/blob/stable-2.11/changelogs/CHANGELOG-v2.11.rst#security-fixes.
Yes, I see that now, thx. What would be the best way of receiving only these release notes? Some background, I'd like to have a security team being aware of available security updates for software that is used. The way to achieve this varies per software, some have dedicated security announcement lists (ideal as this is exactly the information that is needed). For some you can "watch" their "Security alerts" or "Releases" on github.com (also OK). For example: https://github.com/prometheus/prometheus/security/advisories https://github.com/prometheus/prometheus/releases/tag/v2.27.1 But for ansible, neither of these appear to contain actual content: https://github.com/ansible/ansible/releases/tag/v2.11.1 https://github.com/ansible/ansible/security/advisories. Subscribing the security team to _this_ list isn't practical because the volume is too high. Using/populating the relevant github "Release" data would already be a big improvement thx Dick -- Dick Visser Trust & Identity Service Operations Manager GÉANT -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAL8fbwNoJbSmkMV8OfukDGts1Tfkh-n%3DUpuOdUHs1scKvMyTWA%40mail.gmail.com.
