On Wed, Aug 7, 2024 at 2:28 AM Ruediger Pluem <rpl...@apache.org> wrote: > > > > On 4/3/24 3:55 PM, cove...@apache.org wrote: > > Author: covener > > Date: Wed Apr 3 13:55:56 2024 > > New Revision: 1916784 > > > > URL: http://svn.apache.org/viewvc?rev=1916784&view=rev > > Log: > > amend log message > > > > Modified: > > httpd/dev-tools/release/README > > > > Modified: httpd/dev-tools/release/README > > URL: > > http://svn.apache.org/viewvc/httpd/dev-tools/release/README?rev=1916784&r1=1916783&r2=1916784&view=diff > > ============================================================================== > > --- httpd/dev-tools/release/README (original) > > +++ httpd/dev-tools/release/README Wed Apr 3 13:55:56 2024 > > @@ -54,6 +54,7 @@ Usage overview: > > If CHANGES is really bad, consider replacing the various CHANGES > > files on dist/httpd. > > # If you are a moderator for announce@httpd.a.o or announce@a.o > > moderate your own announcement > > at https://webmod.apache.org/?action=frontpage > > + # Edit the CVE info into the revisions that fixed them in the backport, > > e.g. `svn propedit --revprop -r... svn:log` > > Someone opposed if we add a step that asks to add the revision numbers of the > backport to the specific CVE timeline?
Makes sense, since the revisions need to be chased down and collected for the log message change, it's only 1 more papercut to add them to the timeline. I assume only on cveprocess.a.o and not on the website?
