doc: fix order of announce work

mhdawson · targos · commit 75288fbc6b1b · 2021-11-21T16:07:31.000+01:00
- Since we now just reference the nodejs blog post in the post to the nodejs-sec mailing list, change the order so the blog post comes first Signed-off-by: Michael Dawson <mdawson@devrus.com> PR-URL: #40725 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Voltrex <mohammadkeyvanzade94@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
diff --git a/doc/guides/security-release-process.md b/doc/guides/security-release-process.md
@@ -47,6 +47,10 @@ information described.
       having duplicate CVEs for the same vulnerability.
   * Described in the pre/post announcements
 
+* [ ] Pre-release announcement to nodejs.org blog: _**LINK TO BLOG**_
+  (Re-PR the pre-approved branch from nodejs-private/nodejs.org-private to
+  nodejs/nodejs.org)
+
 * [ ] Pre-release announcement [email][]: _**LINK TO EMAIL**_
   * Subject: `Node.js security updates for all active release lines, Month Year`
   * Body:
@@ -62,10 +66,6 @@ The google groups UI does not support adding a CC, until we figure
 out a better way, forward the email you receive to
 `oss-security@lists.openwall.com` as a CC.
 
-* [ ] Pre-release announcement to nodejs.org blog: _**LINK TO BLOG**_
-  (Re-PR the pre-approved branch from nodejs-private/nodejs.org-private to
-  nodejs/nodejs.org)
-
 * [ ] Create a new issue in [nodejs/tweet][]
   ```text
   Security release pre-alert:
@@ -104,6 +104,10 @@ out a better way, forward the email you receive to
 
 * [ ] [Unlock CI](https://github.com/nodejs/build/blob/HEAD/doc/jenkins-guide.md#after-the-release)
 
+* [ ] Post-release announcement to Nodejs.org blog: _**LINK TO BLOG POST**_
+  * (Re-PR the pre-approved branch from nodejs-private/nodejs.org-private to
+    nodejs/nodejs.org)
+
 * [ ] Post-release announcement in reply [email][]: _**LINK TO EMAIL**_
   * CC: `oss-security@lists.openwall.com`
   * Subject: `Node.js security updates for all active release lines, Month Year`
@@ -113,10 +117,6 @@ out a better way, forward the email you receive to
   For more information see: https://nodejs.org/en/blog/vulnerability/month-year-security-releases/
   ```
 
-* [ ] Post-release announcement to Nodejs.org blog: _**LINK TO BLOG POST**_
-  * (Re-PR the pre-approved branch from nodejs-private/nodejs.org-private to
-    nodejs/nodejs.org)
-
 * [ ] Create a new issue in [nodejs/tweet][]
   ```text
   Security release:
