Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document the Release Process #188

Merged
merged 8 commits into from
Jul 12, 2024
Merged

Document the Release Process #188

merged 8 commits into from
Jul 12, 2024

Conversation

SteveLasker
Copy link
Contributor

fixes #169

Signed-off-by: steve lasker <stevenlasker@hotmail.com>
Copy link

codecov bot commented Jul 10, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.04%. Comparing base (2b6f94f) to head (8929581).
Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #188   +/-   ##
=======================================
  Coverage   92.04%   92.04%           
=======================================
  Files          12       12           
  Lines        1973     1973           
=======================================
  Hits         1816     1816           
  Misses        108      108           
  Partials       49       49           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

release-management.md Outdated Show resolved Hide resolved
release-management.md Outdated Show resolved Hide resolved
release-management.md Outdated Show resolved Hide resolved

The go-cose library is an sdk around underlying crypto libraries, tailored to COSE scenarios.
The go-cose library does not implement cryptographic functionality, reducing the potential risk.
To assure go-cose had the proper baseline, two [security reviews](./reports) were conducted prior to the [v1.0.0](https://github.com/veraison/go-cose/releases/tag/v1.0.0) release
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
To assure go-cose had the proper baseline, two [security reviews](./reports) were conducted prior to the [v1.0.0](https://github.com/veraison/go-cose/releases/tag/v1.0.0) release

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No need for history in a policy doc

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The purpose was to reference the existing security reviews, to provide visibility and confidence in how we manage our policy. We have, and will do security reviews, but will not do them for all releases.
How do we create visibility to reviews, so it doesn't look like we're dismissing the need?

Copy link
Contributor

@OR13 OR13 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall this seems like a good baseline.
We can modify these policies as we encounter reason to, and as we learn from the experience of applying them.

You may consider noting that maintainer will update the release checklist and management policy based on feedback.

Signed-off-by: steve lasker <stevenlasker@hotmail.com>

Co-authored-by: Orie Steele <orie@or13.io>
@SteveLasker
Copy link
Contributor Author

SteveLasker commented Jul 11, 2024

Copy link
Contributor

@yogeshbdeshpande yogeshbdeshpande left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have made few comments for you to have a look...

SteveLasker and others added 5 commits July 11, 2024 09:29
Signed-off-by: steve lasker <stevenlasker@hotmail.com>
Signed-off-by: steve lasker <stevenlasker@hotmail.com>

Co-authored-by: Yogesh Deshpande <yogesh.deshpande@arm.com>
Signed-off-by: steve lasker <stevenlasker@hotmail.com>
Signed-off-by: steve lasker <stevenlasker@hotmail.com>
Copy link
Contributor

@yogeshbdeshpande yogeshbdeshpande left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@SteveLasker SteveLasker merged commit 96ea810 into main Jul 12, 2024
5 checks passed
@SteveLasker SteveLasker deleted the steve/issue-169 branch July 15, 2024 16:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Document the release process
3 participants