Have guidelines on writing release notes for emergency releases and security advisory
I'm probably not consistently reporting security vulnerabilities that are fixed in emergency releases of Tails or security advisory.
On the one hand, every release fixes security vulnerabilities and we are not detailing them. On the other hand, release notes are a good opportunity to communicate about the severity of some important vulnerabilities and educate users.
-
Check how I've been reporting security vulnerabilities -
in emergency release notes -
in security advisory
-
-
Try to come up with guidelines on how to report them -
Maybe extract templates or reusable snippets
-
-
Document all this in our style guide -
Reference and links to CVE? -
Clarify if used in the wild or not? -
Impact?
Examples:
- git grep -i vulnerability -- "wiki/src/news/version*.m"
-
https://tails.boum.org/news/version_3.14.1/
Edited by sajolida