Announce marking of security issues as related to release issues
In gitlab-org/release-tools!854 (merged) we added the basic bits and pieces necessary to process security merge requests in groups of issues. This allows us to change the merging of security merge requests such that merge requests belonging to the same issue are only merged if all of them are valid. This also makes it easier to determine which merge requests we should consider in the first place, preventing us from merging merge requests meant for a future security release.
In gitlab-org/gitlab!25451 (merged) we changed some of the issue/MR templates to state that security issues should now be marked as related to the release issue, so our new code (once we start using it) can take advantage of this.
I am currently in the process of making sure our release issue template is up to date. Once this is merged, we should announce this new setup so that developers are aware of this.
Plan
-
Modify the security release issue template - gitlab-org/gitlab!25901 (merged) -
Modify security issue and merge request template - gitlab-org/gitlab!25451 (merged), gitlab-org/gitlab!25919 (merged) -
Update security release issue and merge request template for stable branches -
12-8-stable-ee
- gitlab-org/gitlab!26086 (merged) -
12-7-stable-ee
- gitlab-org/gitlab!26087 (merged) -
12-6-stable-ee
- gitlab-org/gitlab!26090 (merged)
-
-
Create an Announcements issue -
Post the announcement issue on #backend, #development, #frontend, #backend_maintainers, #sec-appsec and #quality -
Post the announcement in the "Engineering Week-in-Review"