Add revision history section to SA/EN template
Needs RevisionPublic
Actions

Authored by emaste on Aug 18 2022, 6:55 PM.

Details

Reviewers

markj
delphij
gordon

Group Reviewers

secteam

Diff Detail

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

And drop roman numerals, they're needlessly obtuse. May make the "1) To update your system via a binary patch:" confusing, but IMO that section should also be reworked.

I'm not wholly convinced we should add a timeline to EN notices. ENs are really their own thing, we just happen to distribute them together with SAs. Better to avoid adding more friction to EN handling. OTOH, I guess a typical timeline would have two entries: one for the initial report, one for the release, so it's not too bad.

This revision is now accepted and ready to land.Aug 18 2022, 6:58 PM

delphij accepted this revision.Aug 18 2022, 6:58 PM

Whitespace

This revision now requires review to proceed.Aug 18 2022, 7:04 PM

Do we really need a revision history for every EN/SA despite the fact 95% of them will just have the "initial revision"?

website/static/security/advisory-template.txt
25	How about just dropping the Revision History line item and if/when needed, we just put it before the background in a headerless section?
website/static/security/errata-template.txt
25	Same as above

This revision now requires changes to proceed.Aug 22 2022, 2:59 PM

delphij added inline comments.Aug 23 2022, 6:42 AM

website/static/security/advisory-template.txt
25	Other major vendors do not publish revision history (usually they have a "updated" date, if some changes were made after the bulletin is initially published). Note that tools have improved quite a bit since the last template change too (for example, we can easily add a link to the revisions of the advisory file so those who really want to see the difference can get the information there), therefore, removing the whole section in favor of using the `Announced` header sounds reasonable to me.