Heads up on security release planed for 6 Feb 2024
RafaelGSS opened this issue · comments
As per the Node.js security release process, this is the FYI that there is going to be a security release on 6 Feb 2024.
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases
I can be available to lock/unlock the CI. How long/far in advance do you need the CI locked down for?
FWIW the security release process template says on "Release day" which I don't think we've ever done. The Build WG's documentation says "About 24 hours before a release is published", which was correct in the past but I think more recent security releases have locked the CI down for longer.
Posted https://github.com/nodejs/collaborators/discussions/186 to announce the pending lockdown and pinned it.
I've locked down the CI now. I'll update the instructions tomorrow -- Jenkins has moved the theming out of https://ci.nodejs.org/manage/configure to https://ci.nodejs.org/manage/appearance.
I disabled https://github.com/nodejs/node/actions/workflows/auto-start-ci.yml to prevent error messages being posted back to any PRs that apply the request-ci
label.
I've locked down the CI now. I'll update the instructions tomorrow -- Jenkins has moved the theming out of https://ci.nodejs.org/manage/configure to https://ci.nodejs.org/manage/appearance.
Updated instructions #3627
Access has been explicitly granted to @marco-ippolito (#3628). The entry in the security matrix should be removed when unlocking the CI (as he'd normally have access as a collaborator).
CI is now unlocked.