This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow-steward.git
The following commit(s) were added to refs/heads/main by this push:
new 6e73a17 docs(rm-handoff): use 'REVIEW button on Editor tab' instead
of 'State dropdown on #source' (#382)
6e73a17 is described below
commit 6e73a17bd359d6034b8c018c80ad8f98ad7ab184
Author: Jarek Potiuk <[email protected]>
AuthorDate: Sat May 30 18:29:48 2026 +0200
docs(rm-handoff): use 'REVIEW button on Editor tab' instead of 'State
dropdown on #source' (#382)
The Vulnogram UI for moving REVIEW → READY now exposes a 'REVIEW
button' on the 'Editor' tab rather than a State dropdown on the
#source tab. Update both hand-off comment templates (oauth-pushed +
manual-paste) so the RM click-path matches reality. Two-line change,
both files identical.
Co-authored-by: Claude Opus 4.7 (1M context) <[email protected]>
---
tools/vulnogram/release-manager-handoff-comment-oauth-pushed.md | 2 +-
tools/vulnogram/release-manager-handoff-comment.md | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/vulnogram/release-manager-handoff-comment-oauth-pushed.md
b/tools/vulnogram/release-manager-handoff-comment-oauth-pushed.md
index c6e9ce0..3cfd277 100644
--- a/tools/vulnogram/release-manager-handoff-comment-oauth-pushed.md
+++ b/tools/vulnogram/release-manager-handoff-comment-oauth-pushed.md
@@ -105,7 +105,7 @@ Open the record's [`#source` tab](SOURCE_TAB_URL) in your
browser. **State** fie
1. **Click the [`#email` tab](EMAIL_TAB_URL)** on the same page. Scroll
through any reviewer comments left by the ASF Security Team's CVE reviewers.
**You do not need to act on reviewer comments yourself** — they arrive by email
on `SECURITY_LIST` with the CVE ID in the subject, and sync detects them on the
next run, opens corresponding body-field updates on this tracker, and re-pushes
the JSON. If the comments tab is empty, or carries a closure note (*"OK, looks
good"* / *"approved"*), [...]
-2. **When the reviewer thread is clear** (no open comments, or all comments
have an *"OK, looks good"*-style closer), use the **State** dropdown on
`#source` to change `REVIEW` → `READY`. Click **Save**. *The record is now
staged for advisory send.*
+2. **When the reviewer thread is clear** (no open comments, or all comments
have an *"OK, looks good"*-style closer), click the **REVIEW button on the
Editor tab** to advance the record from `REVIEW` → `READY`. Click **Save**.
*The record is now staged for advisory send.*
> 💡 *How do you know the reviewer thread is clear?* Two signals: (a) no new
> reviewer email on `SECURITY_LIST` carrying the CVE ID for ~3 days, or (b) an
> explicit "looks good" reply from the reviewer. Most CVEs go through `REVIEW`
> with no reviewer comments at all — in that case, you can usually move
> `REVIEW → READY` immediately after Step 1.1's tab-check confirms there's
> nothing to address.
diff --git a/tools/vulnogram/release-manager-handoff-comment.md
b/tools/vulnogram/release-manager-handoff-comment.md
index afda54f..b867ed0 100644
--- a/tools/vulnogram/release-manager-handoff-comment.md
+++ b/tools/vulnogram/release-manager-handoff-comment.md
@@ -107,7 +107,7 @@ Open the record's [`#source` tab](SOURCE_TAB_URL) in your
browser. **State** fie
1. **Click the [`#email` tab](EMAIL_TAB_URL)** on the same page. Scroll
through any reviewer comments left by the ASF Security Team's CVE reviewers.
**You do not need to act on reviewer comments yourself** — they arrive by email
on `SECURITY_LIST` with the CVE ID in the subject, and sync detects them on the
next run, opens corresponding body-field updates on this tracker, and re-pushes
the JSON. If the comments tab is empty, or carries a closure note (*"OK, looks
good"* / *"approved"*), [...]
-2. **When the reviewer thread is clear** (no open comments, or all comments
have an *"OK, looks good"*-style closer), use the **State** dropdown on
`#source` to change `REVIEW` → `READY`. Click **Save**. *The record is now
staged for advisory send.*
+2. **When the reviewer thread is clear** (no open comments, or all comments
have an *"OK, looks good"*-style closer), click the **REVIEW button on the
Editor tab** to advance the record from `REVIEW` → `READY`. Click **Save**.
*The record is now staged for advisory send.*
> 💡 *How do you know the reviewer thread is clear?* Two signals: (a) no new
> reviewer email on `SECURITY_LIST` carrying the CVE ID for ~3 days, or (b) an
> explicit "looks good" reply from the reviewer. Most CVEs go through `REVIEW`
> with no reviewer comments at all — in that case, you can usually move
> `REVIEW → READY` immediately after Step 1.1's tab-check confirms there's
> nothing to address.
