Document process for 'security-fix' releases

Change-Id: Ie3a99ac2dc2573091dc21156ca1643c0867ba61d
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
diff --git a/Documentation/dev-release.txt b/Documentation/dev-release.txt
index 7a963fc..b352ca4 100644
--- a/Documentation/dev-release.txt
+++ b/Documentation/dev-release.txt
@@ -60,6 +60,24 @@
 objectives are met
 
 
+Security-Fix
+~~~~~~~~~~~~
+
+`security-fix` releases should only contain bug fixes for security
+issues.
+
+For security issues it is important that they are only announced
+*after* fixed versions for all relevant releases have been published.
+Because of this `security-fix` releases can't be prepared in the public
+`gerrit` project.
+
+`security-fix` releases are prepared in the `gerrit-security-fixes`
+project which is only readable by the Gerrit Maintainers. Only after
+a `security-fix` release has been published the commits/tags done in
+the `gerrit-security-fixes` project will be taken over into the public
+`gerrit` project.
+
+
 Create the Actual Release
 ---------------------------
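Review bot: The last added paragraph says the commits/tags from `gerrit-security-fixes` "will be taken over into the public `gerrit` project" but gives no steps for doing so, and the second added paragraph leaves "all relevant releases" undefined. A maintainer following this section cannot tell which release branches need a fixed version before the announcement, or who publishes the private commits and tags afterwards and in what order relative to the announcement. Suggest naming the branches that count as relevant and adding the concrete take-over procedure. Minor wording: add a comma after "Because of this", and reorder the last sentence to "The commits/tags done in the `gerrit-security-fixes` project are taken over into the public `gerrit` project only after a `security-fix` release has been published."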