On 2024/08/07 10:48:26 Eric Covener wrote:
> On Wed, Aug 7, 2024 at 2:28 AM Ruediger Pluem <rpl...@apache.org> wrote:
> >
> >
> >
> > On 4/3/24 3:55 PM, cove...@apache.org wrote:
> > > Author: covener
> > > Date: Wed Apr 3 13:55:56 2024
> > > New Revision: 1916784
> > >
> > > URL: http://svn.apache.org/viewvc?rev=1916784&view=rev
> > > Log:
> > > amend log message
> > >
> > > Modified:
> > > httpd/dev-tools/release/README
> > >
> > > Modified: httpd/dev-tools/release/README
> > > URL:
> > > http://svn.apache.org/viewvc/httpd/dev-tools/release/README?rev=1916784&r1=1916783&r2=1916784&view=diff
> > > ==============================================================================
> > > --- httpd/dev-tools/release/README (original)
> > > +++ httpd/dev-tools/release/README Wed Apr 3 13:55:56 2024
> > > @@ -54,6 +54,7 @@ Usage overview:
> > > If CHANGES is really bad, consider replacing the various CHANGES
> > > files on dist/httpd.
> > > # If you are a moderator for announce@httpd.a.o or announce@a.o
> > > moderate your own announcement
> > > at https://webmod.apache.org/?action=frontpage
> > > + # Edit the CVE info into the revisions that fixed them in the
> > > backport, e.g. `svn propedit --revprop -r... svn:log`
> >
> > Someone opposed if we add a step that asks to add the revision numbers of
> > the backport to the specific CVE timeline?
>
> Makes sense, since the revisions need to be chased down and collected
> for the log message change, it's only 1 more papercut to add them to
> the timeline. I assume only on cveprocess.a.o and not on the website?
>
Also to the website to ease the life of people who just want to backport
security issues or are interested how we fixed a particular issue.
Regards
Rüdiger
