Adjust AppSec release managers to follow versions instead of months
Historically at GitLab, security releases have been scheduled once a month, so the AppSec release manager rotation has been based on months. With the recent release updates, which set the monthly release to the 3rd Thursday and the patch release cadence to every two weeks around the monthly release date, a month-based rotation no longer matches the release schedule. For an example, see https://gitlab.com/gitlab-com/gl-security/appsec/appsec-team/-/issues/552#note_1851724643.
The AppSec rotation will benefit from following the same pattern as Delivery release managers: per version instead of per month. See https://gitlab.com/gitlab-com/gl-security/appsec/appsec-team/-/issues/552.
From https://gitlab.com/gitlab-com/gl-security/product-security/appsec/appsec-team/-/issues/552#note_1860541373, AppSec will update the process used to assign folks to their rotation:
- A configuration file could live on the AppSec tooling repo, e.g. security-release-tools/config/release_managers.yml, storing the folks that are actively on rotation:

      release_managers:
        - Ottilia Westerlund
        - Greg Alfaro

- The file will be updated as part of the AppSec task issue (example): a step, to be executed at the end of the patch release, will be added to the checklist_utils.rb script requesting the current AppSec release managers to update the config/release_managers.yml with the upcoming AppSec release managers based on the spreadsheet data.
This issue is to adjust the AppSec handle from the Delivery perspective:
- Update the active_appsec_release_managers to reflect the new logic
- Deprecate the appsec column on releases.yml
- Communicate changes to the Delivery team.