DOCS Update references to open source JIRA > GitHub, minimum PHP version update

Robbie Averill 2018-05-07 14:27:43 +12:00 committed by GitHub
parent 9a9b95b4f6
commit 53938f3bde
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -23,7 +23,7 @@ As a core contributor it is necessary to have installed the following set of too
### First time setup: Standard releases ### First time setup: Standard releases
* PHP 5.5+ * PHP 5.3+ (for SilverStripe 3.x) or PHP 5.6+ (for SilverStripe 4.x)
* Python 2.7 / 3.5 * Python 2.7 / 3.5
* [cow release tool](https://github.com/silverstripe/cow#install). This should typically * [cow release tool](https://github.com/silverstripe/cow#install). This should typically
be installed in a global location via the below command. Please see the installation be installed in a global location via the below command. Please see the installation
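Review bot: The new PHP bullet lists the framework minimums (5.3+ for SilverStripe 3.x, 5.6+ for 4.x), but it sits in the list of tools a releaser installs, directly above the globally installed cow release tool. Please confirm that cow itself runs on the lowest version now listed. If it does not, state the PHP version the release machine needs here and move the per-branch minimums into a separate remark, so the floor is not read as lowered from 5.5 to 5.3 for the tooling.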
@ -62,11 +62,10 @@ SS_DEFAULT_ADMIN_PASSWORD="password"
SS_BASE_URL="http://localhost/" SS_BASE_URL="http://localhost/"
``` ```
You will also need to be assigned the following permissions. Contact one of the SS staff from You will also need to be assigned the following permissions. Contact one of the SilverStripe staff from
the [core committers](core_committers), who will assist with setting up your credentials. the [core committers](core_committers), who will assist with setting up your credentials.
* Write permissions on the [silverstripe](https://github.com/silverstripe) and * Write permissions on the [silverstripe](https://github.com/silverstripe) organisation.
[silverstripe-labs](https://github.com/silverstripe-labs) organisations.
* Admin permissions on [transifex](https://www.transifex.com/silverstripe/). * Admin permissions on [transifex](https://www.transifex.com/silverstripe/).
Set up a [~/.transifexrc](https://docs.transifex.com/client/client-configuration) with your credentials. Set up a [~/.transifexrc](https://docs.transifex.com/client/client-configuration) with your credentials.
* AWS write permissions on the `silverstripe-ssorg-releases` s3 bucket * AWS write permissions on the `silverstripe-ssorg-releases` s3 bucket
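Review bot: Missing guidance on credential handling in the Transifex bullet that this hunk leaves unchanged: "Set up a ~/.transifexrc with your credentials" tells the releaser to store credentials in a dotfile without saying how to protect it. Since the permission list is being edited anyway, add a short remark that the file should be readable only by the releaser's own user. The rename from "SS staff" to "SilverStripe staff" and the removal of the silverstripe-labs organisation look fine.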
@ -82,9 +81,8 @@ For doing security releases the following additional setup tasks are necessary:
* Write permissions on the [silverstripe-security](https://github.com/silverstripe-security) * Write permissions on the [silverstripe-security](https://github.com/silverstripe-security)
organisation. organisation.
* Permission granted on the [open source security JIRA](https://silverstripe.atlassian.net/secure/RapidBoard.jspa?rapidView=198&view=detail)
* Permissions to write to the [security releases page](http://www.silverstripe.org/download/security-releases) * Permissions to write to the [security releases page](http://www.silverstripe.org/download/security-releases)
and the [silverstripe.org cms](http://www.silverstripe.org/admin). and the [silverstripe.org CMS](http://www.silverstripe.org/admin).
* Permission on [security pre-announcement mailing list](https://groups.google.com/a/silverstripe.com/forum/#!forum/security-preannounce). * Permission on [security pre-announcement mailing list](https://groups.google.com/a/silverstripe.com/forum/#!forum/security-preannounce).
## Security release process ## Security release process
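Review bot: The line that changes "cms" to "CMS" still links the admin login as http://www.silverstripe.org/admin, and the security releases page above it is also plain http. As the line is being touched, switch both links to https if the site serves it, since this is where release managers sign in. Separately, the removed JIRA permission bullet has no explicit replacement. The later hunks point at silverstripe-security/security-issues, so it would help to say that the write permission on the silverstripe-security organisation covers that repository.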
@ -94,7 +92,7 @@ steps will need to be performed manually. As such, this guide should not be foll
exactly the same for these. exactly the same for these.
Standard practice is to produce a pre-release for any patched modules on the security Standard practice is to produce a pre-release for any patched modules on the security
forks for cms and framework (see [silverstripe-security](https://github.com/silverstripe-security)). forks, e.g. for cms and framework (see [silverstripe-security](https://github.com/silverstripe-security)).
<div class="warning" markdown="1"> <div class="warning" markdown="1">
Security issues are never disclosed until a public stable release containing this fix Security issues are never disclosed until a public stable release containing this fix
@ -108,11 +106,11 @@ Producing a security fix follows this general process:
anyone who disclosed this issue, and confirm with them as soon as possible whether anyone who disclosed this issue, and confirm with them as soon as possible whether
this issue is a verified security issue. this issue is a verified security issue.
* Log this CVE, along with description, release version, and name of reporter in * Log this CVE, along with description, release version, and name of reporter in
JIRA at [open source security jira](https://silverstripe.atlassian.net/secure/RapidBoard.jspa?rapidView=198&view=detail). the [security issues GitHub repository](https://github.com/silverstripe-security/security-issues/issues).
* Create a similar record of this issue on the [security releases page](http://www.silverstripe.org/download/security-releases) * Create a similar record of this issue on the [security releases page](http://www.silverstripe.org/download/security-releases)
in draft mode. in draft mode.
* Post a pre-announcement to the [security pre-announcement list](https://groups.google.com/a/silverstripe.com/forum/#!forum/security-preannounce). * Post a pre-announcement to the [security pre-announcement list](https://groups.google.com/a/silverstripe.com/forum/#!forum/security-preannounce).
It's normally ideal to include a [VCSS](https://nvd.nist.gov/CVSS-v2-Calculator) It's normally ideal to include a [CVSS](https://nvd.nist.gov/CVSS-v2-Calculator)
(common vulnerability scoring system) along with this pre-announcement. If the (common vulnerability scoring system) along with this pre-announcement. If the
release date of the final stable is not known, then it's ok to give an estimated release date of the final stable is not known, then it's ok to give an estimated
release schedule. release schedule.
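Review bot: The replacement for the JIRA link sends "description, release version, and name of reporter" for an undisclosed issue to github.com/silverstripe-security/security-issues/issues, but the text does not say that this repository is private. Given the warning elsewhere on this page that issues are never disclosed before a stable release, state that explicitly, for example "the private [security issues GitHub repository]". The VCSS to CVSS correction is right, though the link still goes to the CVSS v2 calculator. Consider pointing to a v3 calculator, or naming the version the team scores with.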
@ -124,8 +122,8 @@ Producing a security fix follows this general process:
* Once release testing is completed and the release is ready for stabilisation, then these fixes * Once release testing is completed and the release is ready for stabilisation, then these fixes
can then be pushed to the upstream module fork, and the release completed as per normal. can then be pushed to the upstream module fork, and the release completed as per normal.
Make sure to publish any draft security pages at the same time as the release is published (same day). Make sure to publish any draft security pages at the same time as the release is published (same day).
* After the final release has been published, close related JIRA issues * After the final release has been published, close related GitHub issues
at [open source security jira](https://silverstripe.atlassian.net/secure/RapidBoard.jspa?rapidView=198&view=detail) in the [security-issues repository](https://github.com/silverstripe-security/security-issues/issues).
<div class="warning" markdown="1"> <div class="warning" markdown="1">
Note: It's not considered acceptable to disclose any security vulnerability until a fix exists in Note: It's not considered acceptable to disclose any security vulnerability until a fix exists in
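Review bot: Naming is inconsistent between the two new links to the same tracker: the earlier step calls it "the [security issues GitHub repository]" and this step calls it "the [security-issues repository]". Use one label in both places so readers do not take them for two different trackers.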