Adjust security developer workflow
🔬 What does this MR do and why?
Currently, the security development workflow template instructs the developer to link their security tracking issue to the security release tracking issue as one of the first steps before any development takes place.
This creates a few problems in that it causes issues to be linked possibly a few days before the upcoming security release, when it is likely too late to be included, creating confusion for the developer and toil for the release manager who will likely ask if they were expecting the issue to be included and then asking them to unlink (or telling them their issue will be unlinked) and to re-link when the next security release tracking issue is created.
Instead of linking the issue at the beginning of the process. We should not link it until after development has been completed and all of the MRs are approved and ready to be merged.
Related to gitlab-com/gl-infra/delivery#19304 (closed)
Screenshots or screen recordings
n/a
How to set up and validate locally
n/a
🛃 MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.