> -----Original Message----- > From: Patricia Shanahan [mailto:p...@acm.org] > Sent: Friday, August 12, 2016 13:55 > To: dev@openoffice.apache.org > Subject: Re: Planning for emergency releases > > > > On 8/12/2016 1:40 PM, Dennis E. Hamilton wrote: > >> -----Original Message----- From: Patricia Shanahan > >> [mailto:p...@acm.org] Sent: Thursday, August 11, 2016 11:07 To: > >> dev@openoffice.apache.org Subject: Re: Planning for emergency > >> releases > >> > > [ ... ] > >> > >> Meanwhile, it is interesting for contemplating a ready-to-release > >> strategy. We would need to pick a step at which to hold a release > >> that minimizes the time to put in one critical fix and ship it. > > [orcmid] > > > > It strikes me that an always-existing candidate for a ready to > > release is the last-previous stable release. > > > > The biggest reason is that there only needs to be regression testing, > > since it is presumably well-established that said release is stable > > and that has been confirmed on the ground by the success of users. > > > > There could be something else that is close, but it strikes me that > > would probably be a pending maintenance release that is basically > > about bug fixes and any simple things. > > > > I note that, for changing the installer, something we would like to > > do, the rebuild of a stable release at least needs to be done and > > checked to see that the install produces the same result. If that > > were tested to satisfaction, it would also qualify as a > > ready-to-release base without having to be put in the wild. > > Personally, I would like to treat the last stable release as the base > for emergency fixes. I started out suggesting using the current patch as > an exercise to work through the process for doing that. > > However, I have seen a lot of push back on the idea of ever doing a > release that only has one change. [orcmid]
Yes. It might be necessary to do triage - choose highly-vulnerable platforms, common languages, etc. And, if we are talking about an unpatched vulnerability with an exploit in the wild, I don't think the ASF Board will be sympathetic to our reticence. I agree that we do need to do fire drills simply to be able to respond when an emergency arises. - Dennis > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org > For additional commands, e-mail: dev-h...@openoffice.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
