Skip to content

Document the Release Process#188

Merged
SteveLasker merged 8 commits intomainfrom
steve/issue-169
Jul 12, 2024
Merged

Document the Release Process#188
SteveLasker merged 8 commits intomainfrom
steve/issue-169

Conversation

@SteveLasker
Copy link
Copy Markdown
Contributor

@SteveLasker SteveLasker commented Jul 10, 2024

fixes #169

@SteveLasker
Document the release process
8929581 
Signed-off-by: steve lasker <stevenlasker@hotmail.com>
@SteveLasker SteveLasker requested a review from OR13 July 10, 2024 00:26
@codecov
Copy link
Copy Markdown

codecov bot commented Jul 10, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.04%. Comparing base (2b6f94f) to head (8929581).
Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #188   +/-   ##
=======================================
  Coverage   92.04%   92.04%           
=======================================
  Files          12       12           
  Lines        1973     1973           
=======================================
  Hits         1816     1816           
  Misses        108      108           
  Partials       49       49

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@SteveLasker SteveLasker mentioned this pull request Jul 10, 2024
Closed
OR13
OR13 reviewed Jul 11, 2024
View reviewed changes
OR13
OR13 reviewed Jul 11, 2024
View reviewed changes
OR13
OR13 reviewed Jul 11, 2024
View reviewed changes
OR13
OR13 reviewed Jul 11, 2024
View reviewed changes
release-management.md

The go-cose library is an sdk around underlying crypto libraries, tailored to COSE scenarios.
The go-cose library does not implement cryptographic functionality, reducing the potential risk.
To assure go-cose had the proper baseline, two [security reviews](./reports) were conducted prior to the [v1.0.0](https://github.com/veraison/go-cose/releases/tag/v1.0.0) release
Copy link
Copy Markdown
Contributor

@OR13 OR13 Jul 11, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
To assure go-cose had the proper baseline, two [security reviews](./reports) were conducted prior to the [v1.0.0](https://github.com/veraison/go-cose/releases/tag/v1.0.0) release

Copy link
Copy Markdown
Contributor

@OR13 OR13 Jul 11, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No need for history in a policy doc

Copy link
Copy Markdown
Contributor Author

@SteveLasker SteveLasker Jul 11, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The purpose was to reference the existing security reviews, to provide visibility and confidence in how we manage our policy. We have, and will do security reviews, but will not do them for all releases.
How do we create visibility to reviews, so it doesn't look like we're dismissing the need?

OR13
OR13 approved these changes Jul 11, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@OR13 OR13 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall this seems like a good baseline.
We can modify these policies as we encounter reason to, and as we learn from the experience of applying them.

You may consider noting that maintainer will update the release checklist and management policy based on feedback.

@SteveLasker @OR13
Update release-management.md
a483ffa 
Signed-off-by: steve lasker <stevenlasker@hotmail.com>

Co-authored-by: Orie Steele <orie@or13.io>
@SteveLasker
Copy link
Copy Markdown
Contributor Author

SteveLasker commented Jul 11, 2024
edited
Loading

You may consider noting that maintainer will update the release checklist and management policy based on feedback.

👍

See:

yogeshbdeshpande
yogeshbdeshpande reviewed Jul 11, 2024
View reviewed changes
yogeshbdeshpande
yogeshbdeshpande reviewed Jul 11, 2024
View reviewed changes
yogeshbdeshpande
yogeshbdeshpande reviewed Jul 11, 2024
View reviewed changes
yogeshbdeshpande
yogeshbdeshpande reviewed Jul 11, 2024
View reviewed changes
yogeshbdeshpande
yogeshbdeshpande reviewed Jul 11, 2024
View reviewed changes
yogeshbdeshpande
yogeshbdeshpande reviewed Jul 11, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@yogeshbdeshpande yogeshbdeshpande left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have made few comments for you to have a look...

SteveLasker and others added 5 commits July 11, 2024 09:29
@SteveLasker
PR feedback
7716b96 
Signed-off-by: steve lasker <stevenlasker@hotmail.com>
@SteveLasker
Merge branch 'steve/issue-169' of https://github.com/veraison/go-cose
ac80b77 
…into steve/issue-169
@SteveLasker @yogeshbdeshpande
Update release-management.md
db63909 
Signed-off-by: steve lasker <stevenlasker@hotmail.com>

Co-authored-by: Yogesh Deshpande <yogesh.deshpande@arm.com>
@SteveLasker
PR feedback
ab602d2 
Signed-off-by: steve lasker <stevenlasker@hotmail.com>
@SteveLasker
Merge branch 'steve/issue-169' of https://github.com/veraison/go-cose
b525b16 
…into steve/issue-169
@SteveLasker
PR feedback
d8609dd 
Signed-off-by: steve lasker <stevenlasker@hotmail.com>
yogeshbdeshpande
yogeshbdeshpande approved these changes Jul 11, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@yogeshbdeshpande yogeshbdeshpande left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@SteveLasker SteveLasker merged commit 96ea810 into main Jul 12, 2024
@SteveLasker SteveLasker deleted the steve/issue-169 branch July 15, 2024 16:44
@shizhMSFT shizhMSFT mentioned this pull request Jul 19, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@OR13 OR13 OR13 approved these changes

@yogeshbdeshpande yogeshbdeshpande yogeshbdeshpande approved these changes

@henkbirkholz henkbirkholz Awaiting requested review from henkbirkholz henkbirkholz is a code owner

@qmuntal qmuntal Awaiting requested review from qmuntal qmuntal is a code owner

@roywill roywill Awaiting requested review from roywill roywill is a code owner

@setrofim setrofim Awaiting requested review from setrofim setrofim is a code owner

@shizhMSFT shizhMSFT Awaiting requested review from shizhMSFT shizhMSFT is a code owner

@SimonFrost-Arm SimonFrost-Arm Awaiting requested review from SimonFrost-Arm SimonFrost-Arm is a code owner

@thomas-fossati thomas-fossati Awaiting requested review from thomas-fossati thomas-fossati is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Document the release process

3 participants

@SteveLasker @OR13 @yogeshbdeshpande