From: Petr Špaček Date: Fri, 5 Jun 2026 10:47:43 +0000 (+0200) Subject: Incident Manager is now always the assigned SwEng person X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=69b66b464bd3f376785d92a769cd50fa0e4b5066;p=thirdparty%2Fbind9.git Incident Manager is now always the assigned SwEng person All Hands 2026 decision. --- diff --git a/.gitlab/issue_templates/Internal_use_only-CVE.md b/.gitlab/issue_templates/Internal_use_only-CVE.md index 9444ef852c2..e7ffe392e6a 100644 --- a/.gitlab/issue_templates/Internal_use_only-CVE.md +++ b/.gitlab/issue_templates/Internal_use_only-CVE.md @@ -8,7 +8,7 @@ confidential! --> | Quick Links | :link: | | ------------------------ | ----------------------------------------------- | -| Incident Manager: | @user | +| Incident Manager: | @user (assigned SwEng person) | | Public Disclosure Date: | YYYY-MM-DD | | CVSS Score: | [0.0][cvss_score_url] | | CWE: | [CWE-NNN][cwe_category_url] | @@ -28,10 +28,10 @@ confidential! ### Before Code Freeze - - [ ] [:link:][step_respond] **(IM)** Respond to the bug reporter + - [ ] [:link:][step_respond] **(SwEng)** Respond to the bug reporter - [ ] [:link:][step_public_mrs] **(SwEng)** Ensure there are no public merge requests which inadvertently disclose the issue - [ ] [:link:][step_coordinate_cve_id] **(SwEng)** Check if we need to coordinate with other vendors (an industry-wide CVE identifier might be necessary) - - [ ] [:link:][step_assign_cve_id] **(IM)** Assign a CVE identifier + - [ ] [:link:][step_assign_cve_id] **(SwEng)** Assign a CVE identifier - [ ] [:link:][step_note_cve_info] **(SwEng)** Update this issue with the assigned CVE identifier, the CVSS score, and the CWE category - [ ] [:link:][step_versions_affected] **(SwEng)** Determine the range of product versions affected (including the Subscription Edition) - [ ] [:link:][step_workarounds] **(SwEng)** Determine whether workarounds for the problem exist @@ -70,7 +70,7 @@ confidential! ### On the Day of Public Disclosure - - [ ] [:link:][step_clearance] **(IM)** Grant QA & Marketing clearance to proceed with public release + - [ ] [:link:][step_clearance] **(SwEng)** Grant QA & Marketing clearance to proceed with public release - [ ] [:link:][step_matrix] **(Support)** (BIND 9 only) Add the new CVEs to the vulnerability matrix in the Knowledge Base - [ ] [:link:][step_bump_advisory] **(Support)** Bump Document Version for the Security Advisory in Printing Press - [ ] [:link:][step_publish_advisory] **(Support)** Publish the Security Advisory in the Knowledge Base @@ -78,7 +78,7 @@ confidential! - [ ] [:link:][step_notifications] **(First IM)** Send notification emails to third parties - [ ] [:link:][step_mitre] **(First IM)** Advise MITRE about the disclosed CVEs - [ ] [:link:][step_merge_advisory] **(First IM)** Merge the Security Advisory merge request - - [ ] [:link:][step_embargo_end] **(IM)** Inform original reporter (if external) that the security disclosure process is complete + - [ ] [:link:][step_embargo_end] **(SwEng)** Inform original reporter (if external) that the security disclosure process is complete - [ ] [:link:][step_evn_clear] **(Support)** Update the tickets in the EVN queues in RT that the embargo is lifted - [ ] [:link:][step_customers] **(Marketing)** Ensure that a ticket has been sent in the appropriate announce queue in RT to notify customers that the release is published (as outlined in the release checklist)