From db741598283019b0b4e2e13ba5f525275a2c05eb Mon Sep 17 00:00:00 2001
From: Nikhil George <ngeorge@gitlab.com>
Date: Mon, 6 Mar 2023 09:12:26 +0000
Subject: [PATCH] Update assignment to release bot

---
 general/security/developer.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/general/security/developer.md b/general/security/developer.md
index da26a72d..ffdec034 100644
--- a/general/security/developer.md
+++ b/general/security/developer.md
@@ -94,11 +94,10 @@ Once an eligible confidential security issue is assigned to a developer:
    * Merge requests on [GitLab Security] follow the same [code review and approval](#code-reviews-and-approvals) process as any other change.
      * Note: The security repos have a setting enabled to remove existing approvals when a new commit is pushed. If you push changes during the approval process, you will need to ping anyone who previously approved the MR and ask for re-review and re-approval.
    * Additionally, the merge request targeting the default branch needs to be approved by an AppSec team member. See the [code reviews and approval](#code-reviews-and-approvals) section for details on who to ping.
-4. Once the merge request targeting the default branch is approved according to our Approval guidelines and by an AppSec team member, the
-   engineer can proceed to prepare the [backports](#backports)
+4. Once the merge request targeting the default branch is approved according to our Approval guidelines and by an AppSec team member, they must be assigned to `@gitlab-release-tools-bot` and the engineer can proceed to prepare the [backports](#backports).
 5. [Backports](#backports) need to be approved by the same maintainer that reviewed and approved the merge request targeting the default branch.
    * It's not required for the backports to have the AppSec approval.
-6. Once the merge request targeting the default branch and the backports are ready, they must be assigned to `@gitlab-release-tools-bot`.
+6. Once the merge request targeting the backports are ready, they must be assigned to `@gitlab-release-tools-bot`.
    * Since the release managers merge the merge requests during the preparation of the security release, you can now sit back & relax.
    * You will be notified by a release manager if there is an issue with one or more of your MRs.
 
-- 
GitLab