> On Aug 31, 2021, at 4:12 AM, Daniel Ruggeri <dan...@bitnebula.com> wrote:
>
>
> On 8/30/2021 3:53 PM, Christophe JAILLET wrote:
>>
>> On 30/08/2021 at 13:53, Eric Covener wrote:
>>> On Mon, Aug 30, 2021 at 7:36 AM ste...@eissing.org
>>> <ste...@eissing.org> wrote:
>>>> In what state is our release handling? Given someone holding my hand,
>>>> could I do it? Or is it better to look someone over the shoulder while he
>>>> does it?
>>> If there is an over-the-shoulder session I would like to tag along. I
>>> am flexible on time of day but I am GMT+4 (EDT). I can host on webex.
>>> Otherwise if you just want to struggle through it I can tag along but
>>> I have no experience.
>>
>> I can give another try with my limited experience.
>>
>> I definitively would like to add a --dry-run option for all scripts so that
>> they can be run for learning purpose without the fear of unexpected impact
>> on svn.
> FWIW, the announce.sh script which collates all the security "stuff" and
> sends the announce emails drops the user to a shell to inspect/examine what
> WILL happen before actually doing anything. Any non-zero return code of that
> shell will abort the process. I used the heck out of that several times :-)
>
>
>
>>
>> Existing scripts are not that easy to read at first, but are understandable
>> and following http://httpd.apache.org/dev/release.html#how-to-do-a-release
>> helps a lot.
>> The scripts should also be tweaked because of the latest changes in several
>> places (at least web site update (now on github) and CVE announcement (if
>> any) now that part of the process is handled elsewhere).
>>
>
> +1
>
> To my knowledge, the publishing of the site and overhaul of the new CVE
> process are the things requiring updates.
>
The JSON files for the release’s CVEs should be committed here:
https://github.com/apache/httpd-site/tree/main/content/security/json :
https://gitbox.apache.org/repos/asf?p=httpd-site.git;a=tree;f=content/security/json;hb=HEAD

> --
> Daniel Ruggeri
>> The CVE announcement should be much easier, now that we have a "Send these
>> Emails" on cveprocess.a.o. This should simplify part of the process where we
>> were preparing some scripts to send the announcement emails.
>>
>> I've been lacking time for httpd since many weeks, but I should be able to
>> RM next week if needed.
>>
>> CJ
>>
>>> Also: Anyone who has a showstopper to delay a release (even if not yet
>>> proposed) please add it to 2.4.x STATUS so we can get things in order.
>>>