apache / security-vulnogram

Vulnogram is a tool for creating and editing CVE information in CVE JSON format
https://vulnogram.github.io/
MIT License

Split REVIEW state #57

Open iamamoose opened 1 year ago

iamamoose commented 1 year ago

Split REVIEW state: Since states are our internal state and not MITRE's state and can be anything, we could always have a PMC-REVIEW vs SECURITY-REVIEW to make it clear who has the action of doing the review. This is because some PMCs like to have the REVIEW state as part of their process and that makes sense.

This way we could also enforce the state changes (i.e. can't leave security-review without someone in security doing the state change).

iamamoose commented 1 year ago

This change needs to be done in a larger context of changes to the state workflow: what states are needed, when and who moves between them, ACLs on those changes, notifications on those changes (etc.)
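A sketch of the enforcement idea from the first comment and the per-transition ACLs mentioned in the comment above, added here as an example and not taken from Vulnogram's code. Only PMC-REVIEW and SECURITY-REVIEW come from the issue; the DRAFT and READY states, the role names `pmc` and `security`, and the function names are assumptions.

```javascript
// Added example, not Vulnogram code. PMC-REVIEW and SECURITY-REVIEW are from
// the issue; DRAFT, READY and the role names are hypothetical.
// Each edge (from -> to) lists the roles allowed to make that change.
const TRANSITIONS = {
  'DRAFT': { 'PMC-REVIEW': ['pmc', 'security'], 'SECURITY-REVIEW': ['pmc', 'security'] },
  'PMC-REVIEW': { 'DRAFT': ['pmc', 'security'], 'SECURITY-REVIEW': ['pmc', 'security'] },
  // Every edge leaving SECURITY-REVIEW lists only the security role.
  'SECURITY-REVIEW': { 'DRAFT': ['security'], 'PMC-REVIEW': ['security'], 'READY': ['security'] },
  'READY': { 'DRAFT': ['pmc', 'security'] },
};

// Own-property lookup, so "constructor" or "__proto__" never match an edge.
const own = (obj, key) =>
  Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : null;

// Deny by default: unknown states and unlisted edges are rejected.
function checkTransition(user, from, to) {
  const edges = own(TRANSITIONS, from);
  if (!edges) return { allowed: false, reason: `unknown state ${from}` };
  if (from === to) return { allowed: true, reason: 'no state change' };
  const roles = own(edges, to);
  if (!roles) return { allowed: false, reason: `no transition ${from} -> ${to}` };
  const held = Array.isArray(user.roles) ? user.roles : [];
  return held.some((r) => roles.includes(r))
    ? { allowed: true, reason: `${from} -> ${to} permitted` }
    : { allowed: false, reason: `${from} -> ${to} requires one of: ${roles.join(', ')}` };
}

// The "from" state is read from the stored document, never from the request,
// so a client cannot claim the record was already out of SECURITY-REVIEW.
function applyStateChange(user, storedDoc, requestedState) {
  const verdict = checkTransition(user, storedDoc.state, requestedState);
  const doc = verdict.allowed ? { ...storedDoc, state: requestedState } : storedDoc;
  return { doc, ...verdict };
}

// Constructed sample record and users, for illustration only.
function demo() {
  const doc = { id: 'constructed-record-1', state: 'SECURITY-REVIEW' };
  return [
    applyStateChange({ name: 'pmc-member', roles: ['pmc'] }, doc, 'READY'),
    applyStateChange({ name: 'security-member', roles: ['security'] }, doc, 'READY'),
  ];
}

console.log(demo().map((r) => `${r.allowed}: ${r.reason}`));
```

The verdict's `reason` string is also a natural payload for the change notifications the comment mentions.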

iamamoose commented 1 year ago

replaces: https://github.com/apache/security-vulnogram/issues/42

iamamoose commented 1 year ago

replaces: https://github.com/apache/security-vulnogram/issues/41

raboof commented 1 year ago

(I moved the 'overall' changes to an 'umbrella' ticket at #61 and renamed this one back to 'Split REVIEW state')