|
|
@@ -357,8 +357,13 @@ Now you're ready to actually put the release out there. To do this:
|
|
|
|
|
|
#. Post the release announcement to the |django-announce|, |django-developers|,
|
|
|
and |django-users| mailing lists. This should include a link to the
|
|
|
- announcement blog post. If this is a security release, also include
|
|
|
- oss-security@lists.openwall.com.
|
|
|
+ announcement blog post.
|
|
|
+
|
|
|
+#. If this is a security release, send a separate email to
|
|
|
+ oss-security@lists.openwall.com. Provide a descriptive subject, for example,
|
|
|
+ "Django" plus the issue title from the release notes (including CVE ID). The
|
|
|
+ message body should include the vulnerability details, for example, the
|
|
|
+ announcement blog post text. Include a link to the announcement blog post.
|
|
|
|
|
|
#. Add a link to the blog post in the topic of the `#django` IRC channel:
|
|
|
``/msg chanserv TOPIC #django new topic goes here``.
|
Carlton Gibson