Document the effect of CI outages on releases (#12521)

* Document the effect of CI outages on releases

Clearly specify in our documentation that we are entirely subject to the
shims of Azure and Gi

Document the effect of CI outages on releases (#12521)

* Document the effect of CI outages on releases

Clearly specify in our documentation that we are entirely subject to the
shims of Azure and GitHub Actions. If they're down we just simply can't
do a release and there's nothing we can do about it. Document this both
for ourselves and for external users to understand our own limitations.
An offer is made as well in case a company is willing to donate
resources (e.g. money or engineering) to improve the situation as well.

* Update docs/stability-release.md

Co-authored-by: Nick Fitzgerald <[email protected]>

---------

Co-authored-by: Nick Fitzgerald <[email protected]>

show more ...

Adjust vulnerability runbook to not open PR version bumps (#11919)

Historically this was needed to give some time to figure out CI issues,
if any. Nowadays though we test all release branches weekly

Adjust vulnerability runbook to not open PR version bumps (#11919)

Historically this was needed to give some time to figure out CI issues,
if any. Nowadays though we test all release branches weekly to ensure
their CI is running so any failures should be at most a week old. Given
that there's no need to open version bumps ahead of time. This also
avoids leaking information in advance disclosure about affected versions
which narrows the range of the where the bug could be.

show more ...

Fix a missing link in the vulnerability runbook (#10818)

Add RustSec filing to our advisory process (#10708)

All our historical advisories have now been back-filled and it has been
ok'd to have a mostly empty description that points to the GitHub
advisori

Add RustSec filing to our advisory process (#10708)

All our historical advisories have now been back-filled and it has been
ok'd to have a mostly empty description that points to the GitHub
advisories we publish in this repository. Update the runbook process
with a final step mentioning RustSec.

Closes #10344

show more ...

Add documentation for Wasmtime's LTS releases (#10481)

* Add documentation for Wasmtime's LTS releases

With Wasmtime's [LTS
releases](https://github.com/bytecodealliance/rfcs/pull/42) this commit
d

Add documentation for Wasmtime's LTS releases (#10481)

* Add documentation for Wasmtime's LTS releases

With Wasmtime's [LTS
releases](https://github.com/bytecodealliance/rfcs/pull/42) this commit
documents the various process changes and updates to our release
process. Additionally some improvements are made to the release
documentation with respect to showing current versions.

* Refactor some backport criteria docs

* Review comments

show more ...

Document a Wasmtime-specific vulnerability runbook (#9433)

This commit codifies the process [documented
here](https://github.com/bytecodealliance/rfcs/blob/main/accepted/vulnerability-response-runbo

Document a Wasmtime-specific vulnerability runbook (#9433)

This commit codifies the process [documented
here](https://github.com/bytecodealliance/rfcs/blob/main/accepted/vulnerability-response-runbook.md)
in the Wasmtime repository as it relates to Wasmtime itself. There's
also a few minor changes from recent advisories such as:

* We'll no longer use the publish-the-changes-from-the-advisory feature
from GitHub. That basically just doesn't work any more.
* PRs will instead be manually created to have CI run on them to weed
out any issues.
* Details about preparing the `main` branch ahead of the release are
interleaved with the rest of the runbook.

The intention is to supplement the official runbook with
Wasmtime-specific information and flesh out a few minor steps we're
following that are "extra" here too.

show more ...