From c2a7890090944d8c312f367ff376105de6cec6e9 Mon Sep 17 00:00:00 2001
From: Tim Otten <totten@civicrm.org>
Date: Fri, 3 Nov 2017 14:30:25 -0700
Subject: [PATCH] Update any-announce.md
---
doc/any-announce.md | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/doc/any-announce.md b/doc/any-announce.md
index 08235e4..e8c6775 100644
--- a/doc/any-announce.md
+++ b/doc/any-announce.md
@@ -2,11 +2,16 @@
## Security announcements
-Liaise with security team, and with a JIRA search for any issues in this release which are Security: Unpublished. They should all be marked as an appropriate status of Done/Fixed at time of release or have their version number bumped to unscheduled or next release rc. If there are matches of Unpublished completed issues for the version being released,
+Consult the "Security and Release Planning" spreadsheet and check the security items which are marked for this release:
- * A security advisory node for each security fix must be ready to be published on https://civicrm.org
- * A security advisory CiviMail must be ready to be sent to members of group Security Notifications ([more information](https://civicrm.org/security))
- The release must be made within the security release window.
+* Verify that each advisory is published. Ensure that the advisory's date matches the current date and the author is `dev-team`. (Tip: To ensure pleasant order, set the time as `12:00:{advisorynumber}`.) Browse https://civicrm.org/advisory
+* Verify that each JIRA issue is closed (Done/Fixed) with appropriate version#. Leave the security level as "Security: Unpublished".
+
+Next, prepare a mail blast in CiviMail. The message should:
+
+* Use the template below
+* Link to each security advisory (Tip: Double-check these links. During the writing/editing process, the URL may change whenever fixes a problem in the advisory title.)
+* Send the blast to members of the group "Security Notifications" ([more information](https://civicrm.org/security))
Example announcement template:
--
GitLab