Commit d881a927 authored by Dmitriy Zaporozhets

Merge branch 'cve-if-needed' into 'master'

Add criteria for requesting CVE

For #1887. Based on https://dev.gitlab.org/gitlab/gitlabhq/issues/1945#note_34587

cc @sytse

See merge request !1662
parents 21c99e6a ddd381c9
......@@ -22,7 +22,7 @@ Please report suspected security vulnerabilities in private to <support@gitlab.c
1. Merge and publish the blog posts
1. Send tweets about the release from `@gitlabhq`
1. Send out an email to [the community google mailing list](https://groups.google.com/forum/#!forum/gitlabhq)
1. Post a signed copy of our complete announcement to [oss-security](http://www.openwall.com/lists/oss-security/) and request a CVE number
1. Post a signed copy of our complete announcement to [oss-security](http://www.openwall.com/lists/oss-security/) and request a CVE number. CVE is only needed for bugs that allow someone to own the server (Remote Code Execution) or access to code of projects they are not a member of.
1. Add the security researcher to the [Security Researcher Acknowledgments list](http://about.gitlab.com/vulnerability-acknowledgements/)
1. Thank the security researcher in an email for their cooperation
1. Update the blog post and the CHANGELOG when we receive the CVE number
......
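Review bot: The oss-security step still reads as an unconditional "request a CVE number", with the condition only added in a trailing sentence, and the last step ("Update the blog post and the CHANGELOG when we receive the CVE number") still assumes a CVE is always requested. Consider phrasing the step itself as a condition, for example "Post a signed copy of our complete announcement to oss-security; request a CVE number if the bug allows ...", and making the last step apply only when a CVE was requested. The new sentence is also not parallel ("to own the server ... or access to code"); "or to access code of projects they are not a member of" reads more clearly. It would also help to state whether a bug outside these two categories never gets a CVE or is decided case by case, since the step does not say.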