Commit Graph

30 Commits

Author SHA1 Message Date
Serge Latyntcev
f185dfb2c5 DOC Clarify that Security release is a SilverStripe Core release 2019-09-18 11:19:55 +12:00
Ingo Schommer
e3f06c4468 DOCS Remove uservoice mentions
See https://forum.silverstripe.org/t/a-new-way-to-manage-feature-ideas/2264
2019-09-06 16:01:30 +12:00
Robbie Averill
e948c5eb1e DOCS Update "release numbering" to document the fact that lock step releases are not required (#9000)
* DOCS Update "release numbering" to document the fact that lock step releases are not required

[ci skip]

* DOCS Update "making a SilverStripe core release" to clarify recipe versus module without lock step

Also adds note about peer reviewing the plan before release

[ci skip]
2019-05-22 10:16:24 +12:00
Ingo Schommer
af7e055574 DOCS Limited "critical security fixes" release lines
We're adopting CVSS (https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator),
which allows us to classify the impact of security issues
based on industry standard metrics.

While there is still a lot of room for interpretation,
it is more objective than our previous system of "critical/high/medium/low",
with one sentence descriptions on how we interpret that "severity rating".

This effectively changes our process to only apply
security fixes to release lines in "limited support" (currently 3.6 and 3.7)
if they're considered "critical" (CVSS > 9.0).

We've already limited preannounces to CVSS >7.0 in these docs.
2019-04-01 17:08:13 +13:00
Ingo Schommer
62bd6ff334 DOCS Clarify security process, introduce CVE and CVSS
Moved the guts to "making a core release", since it's only really relevant to that audience.
There's more work to do around making security and non-security releases the same (less special handling),
but I think this is a good start.

[ci-skip]
2019-02-26 13:48:07 +13:00
Ingo Schommer
9bdd5fb162 DOCS Replaced references to core mailinglist with forum 2018-12-19 10:20:46 +13:00
Ingo Schommer
8b601b8ecc DOCS Further wording changes to pre announce release docs 2018-12-19 09:41:59 +13:00
Ingo Schommer
cc51ffea68 DOCS Minor wording changes on release process docs 2018-12-18 16:39:32 +13:00
Ingo Schommer
7f05c7c6d4 DOCS Clarified latest vs. next 2018-09-13 08:11:07 +12:00
Ingo Schommer
1f881f5c3f DOCS Clarify sec release process 2018-09-13 08:09:27 +12:00
Ingo Schommer
dd4bcac3a7 DOCS Release support clarification
See https://github.com/silverstripe/silverstripe-framework/issues/8189
2018-09-13 08:09:24 +12:00
Ingo Schommer
2e1e8e07b9 DOCS Consistent app/ folder and composer use
- Stronger wording around "use composer"
- Consistent domain and email address naming
- Removed example for publishing non-composer modules (those shouldn't be encouraged)
- Removed instructions for installing modules from archives

[ci skip]
2018-06-25 10:40:19 +12:00
Ingo Schommer
10328a8970 Less conflicting statement on security fix release lines 2018-05-07 21:20:39 +12:00
Ingo Schommer
63b1f0153d Clarify roadmap and change releases location for docs 2018-05-03 15:19:45 +12:00
Ingo Schommer
4ccfa94132 Removed docs about pre-semver times
We no longer support those versions, so it's just noise.
2018-05-03 14:52:52 +12:00
Ingo Schommer
13c9372a1d Clarify docs around security releases on supported modules 2018-03-07 11:07:17 +13:00
Ingo Schommer
26c3e224db Remove module-specific docs instructions
We have too many docs to list these out now,
even in 3.x this was a bit of a stopgap solution.
Point to a centrally managed URL on silverstripe.org
instead, where we can update the list of "core modules" regularly
without breaking URLs in the docs etc

Note that these URLs are also used internally by the
Open Sourcerers team.
2018-01-30 09:08:49 +13:00
Ingo Schommer
58da8c47cb Moved security process from JIRA to Github
JIRA isn't fully under the OSS team's control,
and played up in the past (Dan couldn't move issues).
Since Github has project boards now, and we're paying
for private repos on github.com/silverstripe-security already anyway,
there's no reason to introduce another tool (JIRA) into our workflows.

No need to move existing issues, the JIRA board hasn't been used in a while.
Which leads to unclear ownership and status of security issues,
and is exactly the reason for this change ;)
2017-11-15 07:44:17 +13:00
Damian Mooyman
cdfb413395
Code block whitespace / formatting cleanup 2017-10-27 15:38:27 +13:00
Aaron Carlino
50c8a02bff remove tabs 2017-08-07 15:11:17 +12:00
Aaron Carlino
84feab5a68 Yeah psr2 functions 2017-08-07 14:01:38 +12:00
Aaron Carlino
2414eaeafd Yay, clean arrays 2017-08-07 14:01:38 +12:00
Aaron Carlino
eb1695c03d Replace all legacy ::: syntax with GFMD tags 2017-08-07 14:01:38 +12:00
Saophalkun Ponlu
63ba092765 FIX Add namespaces in markdown docs (#7088)
* FIX Add namespaces in markdown docs

* FIX Convert doc [link] to [link-text](link-uri)
2017-07-03 13:22:12 +12:00
Damian Mooyman
dd4eb6ce44 Merge pull request #6960 from open-sausages/pulls/4.0/security-process-docs
Internal security process docs
2017-06-16 13:50:58 +12:00
Ingo Schommer
b137e91998 Internal security process docs 2017-06-02 11:30:12 +12:00
Christopher Joe
e327bf3c70 Enhancement add contribution notes about releasing to NPM 2017-05-24 17:07:05 +12:00
Daniel Hensby
6e096f6172
DOCS Updated environment management docs to use .env file 2017-01-31 21:28:51 +00:00
Ingo Schommer
020a4dc81e Removed "release maintainer" from docs
The role moves around based on current availability.
@tractorcow has done most of the last releases,
but a separate team (headed by @dhensby) will be
responsible for 3.x releases.

There's not really much point to declaring a release maintainer,
unless there's disagreements in the core team where we need
an arbitrator. So far those conflicts have been resolved
on individual tickets (e.g. what should go into a release),
and the process for that seems to work well.
2017-01-17 11:51:20 +13:00
Ingo Schommer
75a23c0b31 Moved "build tooling" into separate doc
It was getting a bit lost halfway down the contributing/code instructions,
in between the detailed git instructions.

Also reordered the docs TOC for that folder by renaming the files.
2016-06-13 08:30:44 +12:00