propose an MR with detailed guidance on data/next-point-update.txt
As discussed during the recent LTS monthly meeting, we need more detailed documentation related to the LTS Team using data/next-point-update.txt
as a way to reduce the possibility of conflicting/duplicate work on eventual SPUs.
Here is the section of the meeting notes pertaining to this topic:
- Discussion: CVEs and upload conflict (Roberto/Santiago)
- Detailed process discussion (Guilhem)
- The security team (jmm) says we can use security-tracker:data/next-point-update.txt file (specific to track the pending SPU uploads), to notify the security-team that an update is in progress by us to fix issues, even if SRM didn't accept the update yet. This is to avoid conflict with the security team if they also prepare an update and didn't notice all the current WIP PU.
- We could also file a bug against the package we're update to ensure there's awareness, for the maintainer and the security team, as soon as our work starts (may be using a specific user tag ?)
- Action: [guilhem] propose an MR with detailed guidance on data/next-point-update.txt