commit a2348b06b2c1a28941bd4ea1369f23ce91202028
author Marco Miller <marco.mmiller@gmail.com> Thu May 13 12:14:02 2021 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Thu May 13 12:14:02 2021 +0000
tree 6d413bd0eae6cace3d34d0d4c1e37c1c75ca4d16
parent 9df1667be989ce969fd6c3f9ea124d1e376b22f2
parent bccd3032a90f59cc1f64c7760d18162134e1bdb3

Merge "Merge branch 'stable-3.2' into stable-3.3" into stable-3.3

Documentation/dev-processes.txt

diff --git a/Documentation/dev-processes.txt b/Documentation/dev-processes.txt
index 5828cef..5049831 100644
--- a/Documentation/dev-processes.txt
+++ b/Documentation/dev-processes.txt
@@ -278,14 +278,32 @@
 test that verifies that the security vulnerability is no longer present.
 +
 Review and approval of the security fixes must be done by the Gerrit
-maintainers. Verifications must be done manually since the Gerrit CI doesn't
-build and test changes of the `gerrit-security-fixes` repository (and it
-shouldn't because everything on the CI server is public which would break
-the embargo).
+maintainers.
 +
 Once a security fix is ready and submitted, it should be cherry-picked to all
 branches that should be fixed.
 
+. CI validation of the security fix:
++
+The validation of the security fixes does not happen on the regular Gerrit CI,
+because it would compromise the confidentiality of the fix and therefore break
+the embargo.
++
+The release manager maintains a private branch on the
+link:https://gerrit-review.googlesource.com/admin/repos/gerrit-ci-scripts[gerrit-ci-scripts,role=external,window=_blank] repository
+which contains a special build pipeline with special visibility restrictions.
++
+The validation process provides feedback, in terms of Code-Style, Verification
+and Checks, to the incoming security changes. The links associated
+with the build logs are exposed over the Internet but their access limited
+to only those who are actively participating in the development and review of
+the security fix.
++
+The maintainers that are willing to access the links to the CI logs need
+to request a time-limited (maximum 30 days) nominal X.509 certificate from a
+CI maintainer, which allows to access the build logs and analyze failures.
+The release manager may help obtaining that certificate from CI maintainers.
+
 . Creation of fixed releases and announcement of the security vulnerability:
 +
 A release manager should create new bug fix releases for all fixed branches.