Change developer-release manager handover flow in security releases
During the latest security release preparation, release managers had approximately 60 merge requests in CE alone assigned to them for inclusion in the security release.
Developer docs state that:
- Fixes are created on dev.gitlab.org
- Each fix needs 4 MRs (3 backports and one for master)
- The MR has a specific title expectation
- All specs need to be green and MRs ready for merge
There are several confusion points in this process:
- Who is the assignee of those MR's?
- What labels should be applied to the MRs?
- Why can't we merge the MRs to the security branches?
- Who is responsible for adding security issues to the security release issue?
Questions will be added in comments as discussion.
Edited by Marin Jankovski