Developer in non-critical security release process
Defining non-critical security release, we need to add developer related non-critical security release process.
We should get developer specific information out of the current document in https://gitlab.com/gitlab-org/release/docs/blob/master/general/security.md .
This document should contain:
- Overview that explains in short what the process is. Who they need to interact with and what the notable deadlines are according to https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/process.md .
- Point the developer to a security issue template in CE/EE repo which contains the checklist of what needs to be done
- Naming convention for the branches. All branches with security related fixes need to start wit h
security-
. These branches will be protected on gitlab.com so that people can't push the security fixes there. - How many MRs does the developer need to create. (3 backports + master, required to create MRs for CE and EE)