TakeV
/
forgejo
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[DOCS] CONTRIBUTING/RELEASE: publishing security releases

This commit is contained in:
Loïc Dachary 2023-01-21 14:59:05 +01:00
parent 2568a62153
commit d4b23333ac
No known key found for this signature in database
GPG Key ID: 992D23B392F9E4F2
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CONTRIBUTING/RELEASE.md
View File

@ -50,6 +50,16 @@ When Forgejo is released, artefacts (packages, binaries, etc.) are first publish
### Publication
#### Security releases
This is done at least 48h in advance so people who asked to be members of this organization are given a chance to update and reduce the exposure of the Forgejo instance they run. Some steps are not documented to reduce the chances of exploiting the publicly documented process.
* Push the vX.Y.Z-N tag to https://codeberg.org/forgejo-security/forgejo
* Binaries are downloaded from https://codeberg.org/forgejo-integration, signed and copied to https://codeberg.org/forgejo-security
* Container images are copied from https://codeberg.org/forgejo-integration to https://codeberg.org/forgejo-security
#### Releases without security patches
* Push the vX.Y.Z-N tag to https://codeberg.org/forgejo/release
* Binaries are downloaded from https://codeberg.org/forgejo-integration, signed and copied to https://codeberg.org/forgejo
* Container images are copied from https://codeberg.org/forgejo-integration to https://codeberg.org/forgejo