> On Aug 31, 2021, at 4:12 AM, Daniel Ruggeri <dan...@bitnebula.com> wrote:
> On 8/30/2021 3:53 PM, Christophe JAILLET wrote:
>> Le 30/08/2021 à 13:53, Eric Covener a écrit : 
>>> On Mon, Aug 30, 2021 at 7:36 AM ste...@eissing.org 
>>> <mailto:ste...@eissing.org> <ste...@eissing.org> 
>>> <mailto:ste...@eissing.org> wrote: 
>>>> In what state is our release handling? Given someone holding my hand, 
>>>> could I do it? Or is it better to look someone over the shoulder while he 
>>>> does it? 
>>> If there is an over-the-shoulder session I would like to tag along.  I 
>>> am flexible on time of day but I am GMT+4 (EDT).  I can host on webex. 
>>> Otherwise if you just want to struggle through it I can tag along but 
>>> I have no experience. 
>> I can give another try with my limited experience. 
>> I definitively would like to add a --dry-run option for all scripts so that 
>> they can be run for learning purpose without the fear of un-expected impact 
>> on svn. 
> FWIW, the announce.sh script which collates all the security "stuff" and 
> sends the announce emails drops the user to a shell to inspect/examine what 
> WILL happen before actually doing anything. Any non-zero return code of that 
> shell will abort the process. I used the heck out of that several times :-)
>> Existing scripts are not that easy to read at first, but are understanbdable 
>> and followinghttp://httpd.apache.org/dev/release.html#how-to-do-a-release 
>> <http://httpd.apache.org/dev/release.html#how-to-do-a-release> helps a lot. 
>> The scripts should also be tweaked because of the latest changes in several 
>> places (at least web site update (now on github) and CVE announcement (if 
>> any) now that part of the process is handled elsewhere). 
> +1
> To my knowledge, the publishing of the site and overhaul of the new CVE 
> process are the things requiring updates.

The JSON files for the release’s CVEs should be committed here: 
<https://github.com/apache/httpd-site/tree/main/content/security/json> : 

> -- 
> Daniel Ruggeri
>> The CVE announcement should be much easier, now that we have a "Send these 
>> Emails" on cveprocess.a.o. This should simplify part of the process where we 
>> were preparing some scripts to send the announcement emails. 
>> I've been lacking time for httpd since many weeks, but I should be able to 
>> RM next week if needed. 
>> CJ 
>>> Also: Anyone who has a showstopper to delay a release (even if not yet 
>>> proposed) please add it to 2.4.x STATUS so we can get things in order. 

Reply via email to