Julian Foad wrote:
I handled two security fixes in the recent set of patch releases. It was
the first time I had done it and the procedures were rather less than
push-of-a-button simple to follow.
1. We should move as much as possible of the scripts and documentation
that exists in a private repo, into a public place.
Some of the info is now moved to
http://subversion.apache.org/docs/community-guide/issues.html#security
since
http://svn.apache.org/r1866117
Info on how we do pre-notification is still in the private repo and
should also be published (but the list of recipients should not).
- Julian
