This is an automated email from the ASF dual-hosted git repository.
wave pushed a commit to branch simplify-phases
in repository https://gitbox.apache.org/repos/asf/tooling-docs.git
The following commit(s) were added to refs/heads/simplify-phases by this push:
new bb90f08 Create cve-process.md
bb90f08 is described below
commit bb90f08845129724c4b8a7ba05bab8eb0ec3c492
Author: Dave Fisher <[email protected]>
AuthorDate: Mon Feb 3 10:32:25 2025 -0800
Create cve-process.md
---
apache-trusted-release/cve-process.md | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/apache-trusted-release/cve-process.md
b/apache-trusted-release/cve-process.md
new file mode 100644
index 0000000..08b394c
--- /dev/null
+++ b/apache-trusted-release/cve-process.md
@@ -0,0 +1,7 @@
+# Update SBOMs - CVE Process "Phase"
+
+When CVEs are announced there needs to be co-ordination between Security's
cveprocess.apache.org and the ATR.
+
+For every impacted release with an SBOM the SBOMs will need to be updated.
+
+> Note where this is an explicit phase or not depends on integration
discussions with the security team.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
