[docs/security] Update sheriffing documentation.

- Address comments from ccrev.com/c/1602442: - remove "ensure accurate label management" from Marshal instructions, as it's hard to perform and likely is not being done by most of the Marshals. - remove suggestion to reproduce security bugs using a 3rd party website. - Document a new Severity label for V8 issues reported by non-ClusterFuzz. Change-Id: I67a0b85dd5d737646c0cdc57d96a341faab79210 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1623505Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Will Harris <wfh@chromium.org> Commit-Queue: Max Moroz <mmoroz@chromium.org> Cr-Commit-Position: refs/heads/master@{#662265}

[docs/security] Update sheriffing documentation.
- Address comments from ccrev.com/c/1602442: - remove "ensure accurate label management" from Marshal instructions, as it's hard to perform and likely is not being done by most of the Marshals. - remove suggestion to reproduce security bugs using a 3rd party website. - Document a new Severity label for V8 issues reported by non-ClusterFuzz. Change-Id: I67a0b85dd5d737646c0cdc57d96a341faab79210 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1623505Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Will Harris <wfh@chromium.org> Commit-Queue: Max Moroz <mmoroz@chromium.org> Cr-Commit-Position: refs/heads/master@{#662265}
34e29379 · Max Moroz · Commit Bot · 40fae484 · 34e29379
Commit 34e29379 authored May 22, 2019 by Max Moroz Committed by Commit Bot May 22, 2019
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 5 deletions

docs/security/sheriff.md docs/security/sheriff.md +5 -5

No files found.
--- a/docs/security/sheriff.md
+++ b/docs/security/sheriff.md
@@ -79,9 +79,6 @@ various important responsibilities:
  * Note: external emails will always come in on security@chromium.org as
    chrome-security@google.com is a Google-only list, but both need to be
    triaged.
-* Ensure [accurate label management](security-labels.md) on bugs, for example
-  applying the correct **Merge-?** and **Restrict-View-?** labels when a bug
-  transitions to **Fixed**.
 * Change bugs status to **Fixed** for those that the developer forgets to
  close. Make sure to read bug comments where developer might point out that it
  needs more CLs, et c. Wait 24 hours before closing ClusterFuzz bugs, to give
@@ -212,6 +209,10 @@ the assessment? Be especially on the lookout for Highs that are really
 Criticals, and Lows that are really Mediums (make sure to account for process
 types and sandbox boundaries).

+**Note:** For V8 issues that weren't reported by ClusterFuzz, please add
+`Security_Needs_Attention-Severity` label alongside the regular
+`Security_Severity-*` label.
+
 #### Step 3. [Label, label, label](security-labels.md).

 Much of Chrome's development and release process depends on bugs having the
@@ -244,8 +245,7 @@ Generally, see [the Security Labels document](security-labels.md).

 ##### Labeling For Chrome On iOS

-* Reproduce using iOS device, desktop Safari, or
-  [Browserstack](http://browserstack.com/).
+* Reproduce using iOS device or desktop Safari.
 * Assign severity, impact, milestone, and component labels.
 * Label **ExternalDependency**.
 * Label **Hotlist-WebKit**. This label is monitored by Apple friends.