Hi
Regarding ansible release information, I don’t see any dedicated security announcement mailing list.
Also the functionality that GitHub offers through the project’s security advisory page seems to be unused:
https://github.com/ansible/ansible/security/advisories
The general release notes tend to be rather long and hence it’s harder to sieve out security fixes.
Is there maybe some dedicated channel somewhere else that carries security related content of ansible releases?
Thx
FWIW release changelogs do have a dedicated section for security
fixes, for example see:
https://github.com/ansible/ansible/blob/stable-2.11/changelogs/CHANGELOG-v2.11.rst#security-fixes.
Thanks,
Martin
Yes, I see that now, thx.
What would be the best way of receiving only these release notes?
Some background, I'd like to have a security team being aware of
available security updates for software that is used.
The way to achieve this varies per software, some have dedicated
security announcement lists (ideal as this is exactly the information
that is needed).
For some you can "watch" their "Security alerts" or "Releases" on
github.com (also OK). For example:
https://github.com/prometheus/prometheus/security/advisories
https://github.com/prometheus/prometheus/releases/tag/v2.27.1
But for ansible, neither of these appear to contain actual content:
https://github.com/ansible/ansible/releases/tag/v2.11.1
https://github.com/ansible/ansible/security/advisories.
Subscribing the security team to _this_ list isn't practical because
the volume is too high.
Using/populating the relevant github "Release" data would already be a
big improvement
thx
Dick