
Add steps to verify security fix using omnibus package

Why is this change being made?

This change adds a new section to a security documentation guide that explains how to validate security fixes using Omnibus packages. The addition provides step-by-step instructions for triggering a specific type of testing pipeline and creating an Omnibus package to verify that security fixes work properly before they're released.

Based on the steps shared in the Slack thread https://gitlab.slack.com/archives/C07TWBRER7H/p1759841316390559

Author and Reviewer Checklist

Please verify the checklist and ensure to tick them off before the MR is merged.

  • Provided a concise title for this Merge Request (MR)
  • Added a description to this MR explaining the reasons for the proposed change, per "say why, not just what"
    • Copy/paste the Slack conversation to document it for later, or upload screenshots. Verify that no confidential data is added, and the content is SAFE
  • Assign reviewers for this MR to the correct
    • The "when to get approval" handbook section explains when DRI approval is required
    • The "who can approve" handbook section explains how to identify the DRI
    • If the MR does not require DRI approval, consider asking someone on your team, such as your manager.
    • The approver may merge the MR. If they approve but don't merge, you can merge.
  • For transparency, share this MR with the audience that will be impacted.
    • Team: For changes that affect your direct team, share in your group Slack channel
    • Department: If the update affects your department, share the MR in your department Slack channel
    • Division: If the update affects your division, share the MR in your division Slack channel
    • Company: If the update affects all (or the majority of) GitLab team members, post an update in #whats-happening-at-gitlab linking to this MR

Commits

  • Add steps to test omnibus package

Edited by Nikhil George
