Merge pull request #9676 from creative-commoners/pulls/4/docs-preannouncement-mailing-list-denounce

DOC Clarify the security pre-announcement mailing list usage
This commit is contained in:
Ingo Schommer 2020-09-10 16:51:49 +12:00 committed by GitHub
commit 089098ffdb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -255,7 +255,7 @@ See [Silverstripe CMS Core Release Process](making_a_silverstripe_core_release).
### Pre-announcement mailing list
In addition to our public disclosure process, we maintain a private mailing list where upcoming
"high" or "critical" security releases are pre-announced.
"high" and "critical" security releases are pre-announced.
Members of this list will receive a security pre-announcement, as soon as it has been
sufficiently researched, with a timeline for the upcoming release.
This will happen a few days before the announcement goes public alongside a new release,
@ -270,6 +270,10 @@ You dont need to be a client of Silverstripe Ltd to get on board,
but we will need to perform some low-touch background checks to verify your identity.
Please contact [security@silverstripe.org](mailto:security@silverstripe.org) for details.
Only "high" and "critical" issues are pre-announced via the mailing list. If you want
to know about all the minor security mitigations, keep an eye on the ["releases" forum category](https://forum.silverstripe.org/c/releases),
changelogs and the website section [Security Releases](https://www.silverstripe.org/download/security-releases/).
## Quality Assurance and Testing