Skip to content

docs: weekly audit — CHANGELOG [Unreleased]: release pipeline, PKI + CT advisories#14

Closed
krakenhavoc wants to merge 1 commit into
mainfrom
docs/exciting-fermat-8sdo5x
Closed

docs: weekly audit — CHANGELOG [Unreleased]: release pipeline, PKI + CT advisories#14
krakenhavoc wants to merge 1 commit into
mainfrom
docs/exciting-fermat-8sdo5x

Conversation

@krakenhavoc

@krakenhavoc krakenhavoc commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

Documentation Audit — Week of 2026-06-02

Gap identified

CHANGELOG.md had an empty [Unreleased] section despite three meaningful changes since v1.1.0, and a new PKI advisory emerged this week:

  1. The release workflow was restricted to tag-triggered runs (v*.*.* pattern) — undocumented.
  2. SC-098v2 (CA/B Forum ballot, RFC 8657 CAA accounturi/validationmethods mandatory March 2027) — no advisory.
  3. Chrome EKU separation (2026-06-15, Let's Encrypt unaffected) — no advisory.
  4. CT mandatory logging (2026-06-15, DigiCert opt-outs removed 2026-06-01) — new this week, no advisory.

Changes in this PR

  • CHANGELOG.md — populated [Unreleased] with:
    • Release Pipeline: restricted trigger pattern (v*.*.*), structured release notes, make_latest: true
    • PKI Advisory — SC-098v2: enforcement date, impact on dns-01 challenges, recommended CAA record update
    • PKI Advisory — Chrome EKU Separation: what changed, which CAs are affected, confirmation that Let's Encrypt is unaffected
    • PKI Advisory — CT Mandatory Logging: Chrome enforcement June 15, DigiCert opt-out removal June 1, Let's Encrypt already compliant

Suggested version bump

No functional code changes in this audit window. The next release after documenting these additions is v1.2.0 (minor: new release-pipeline behaviour).

Supersedes

Open draft PR #13 (cert-action) — this PR covers all gaps noted in #13 plus CT mandatory logging advisory.


Weekly documentation audit — 2026-06-09

…CT advisories

Populate empty [Unreleased] section:
- Release workflow restricted to v*.*.* tag-triggered runs
- PKI Advisory: SC-098v2 CAA RFC 8657 (March 2027 enforcement)
- PKI Advisory: Chrome EKU separation (effective 2026-06-15)
- PKI Advisory: CT mandatory logging (effective 2026-06-15, DigiCert opt-outs removed 2026-06-01)

Suggested next release: v1.2.0
@krakenhavoc

Copy link
Copy Markdown
Contributor Author

Closing: superseded by #15 (latest weekly audit)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant