Forget to mention that the suggestion isn't required to be included in this 1.4.1 do release.
On Thu, 7 Nov 2024 at 16:36, Sammi Chen <sammic...@apache.org> wrote: > Thanks for the info, Nanda. > I try to understand this. So "white_check_mark" means we will have new > dot releases once any CVE is found on this release version. > Currently only the last minor release(1.x, 2.x) has this support. We drop > the support for all previous releases. Is this the rule we follow now? > If this is the case, I would suggest that we add a clear statement about > the rule in SECURITY.md or somewhere on Ozone website. > Based on the above rule, dot releases, such as 1.4.x, seem not be the > target of the "white_check_mark" flag. > > On Thu, 7 Nov 2024 at 14:20, Nandakumar <na...@apache.org> wrote: > >> > >> > Does anyone know what this "white_check_mark" means? >> >> My understanding is that the "white_check_mark" denotes that the >> particular >> release is currently supported and the user can expect minor releases with >> security fixes. >> This means if there are any security issues identified in the supported >> release we should fix and make a new security/minor release from that >> branch. >> >> I'm ok with either having this in the SECURITY.md file or tracking this in >> the Ozone website. (We can even do both) >> >> Old discussion on supported version: >> https://lists.apache.org/thread/9zw8v6lv7ogk4rj4yqyt10g0gwtrf60v >> >> >> >> On Thu, Nov 7, 2024 at 11:00 AM Sammi Chen <sammic...@apache.org> wrote: >> >> > Does anyone know what this "white_check_mark" means? >> > Do we really need this "Version, Supported" table in this SECURITY.md >> file, >> > can we remove it? >> > >> > On Thu, 7 Nov 2024 at 00:55, Ethan Rose <er...@apache.org> wrote: >> > >> > > Yes we should add a step in the guide to update the security file with >> > the >> > > current release when a new one goes out. Thanks Nanda for catching >> this. >> > I >> > > had been tracking updates required to the guide as part of this >> release >> > > process locally but hadn't shared anything yet. I just filed >> HDDS-11654 >> > > <https://issues.apache.org/jira/browse/HDDS-11654> so we can keep >> track >> > of >> > > the updates we should make to the guide when the release goes out. >> > > >> > > On Wed, Nov 6, 2024 at 10:22 AM Xi Chen <che...@apache.org> wrote: >> > > >> > > > Hi Nanda >> > > > Thanks for your check and suggestions >> > > > >> > > > Q: The code name for the release is still set to "Hot Springs" >> which is >> > > of >> > > > 1.4.0, should we use a new name for 1.4.1? >> > > > >> > > > A: Currently, Ozone only changes the national park tag when it >> releases >> > > > the master branch, The minor branch release maintains the national >> park >> > > tag >> > > > unchanged. e.g. Both the national park tags for ozone-1.2 and >> > ozone-1.2.1 >> > > > are “Glacier”. >> > > > So ozone-1.4.1 should keep the national park tag unchanged ("Hot >> > Springs" >> > > > ). >> > > > >> > > > Q: 1.4.1 release information is missing in ·, The SECURITY.md file >> > should >> > > > be updated with 1.4.1 details. >> > > > >> > > > A: Currently we don't seem to be updating “SECURITY.md” as part of a >> > new >> > > > release, I can't find any steps for updating “SECURITY.md” in the >> > > > >> > > >> > >> https://ozone-site-v2.staged.apache.org/docs/developer-guide/project/release-guide/ >> > > > Last updated SECURITY.md is >> > > > https://issues.apache.org/jira/browse/HDDS-10214 >> > > > Do we need to update “SECURITY.md” every time we release a new >> version? >> > > if >> > > > so we should add this step to the Apache Release Manager Guide >> > > > >> > > > Xi Chen >> > > > >> > > > >> > > > >> > > > On 2024/11/05 13:37:37 Nandakumar wrote: >> > > > > Thanx Xi Chen for driving the release. >> > > > > >> > > > > - Verified checksums >> > > > > - Verified signatures >> > > > > - Built from source >> > > > > - Checked docs are included in the release artifact >> > > > > - Branch structure in GitHub looks good >> > > > > - Checked 'ozone version' output >> > > > > * The code name for the release is still set to "Hot Springs" >> > > > > which is of 1.4.0, should we use a new name for 1.4.1? >> > > > > - 1.4.1 release information is missing in SECURITY.md >> > > > > * The SECURITY.md file should be updated with 1.4.1 details. >> > > > > >> > > > > -Nanda >> > > > > >> > > > > On Tue, Nov 5, 2024 at 3:50 PM mrchenx <mrch...@126.com> wrote: >> > > > > > >> > > > > > Dear Ozone Devs, As discussed in the last email, I am calling >> > for >> > > a >> > > > vote on Apache Ozone 1.4.1 RC2. >> > > > > > We have released 1.4.0 on Jan 19th. Now there are 223 new >> > commits >> > > > already landed on 1.4.1 branch, Includes Ratis upgrade (upgrade to >> > Ratis >> > > > 3.1.1), some bug fixes, as well as performance optimizations, and >> some >> > > > necessary dependencies. I am calling for a vote on Apache Ozone >> > 1.4.1 >> > > > RC2. - The RC2 tag can be found on Github at: >> > > > > > - >> > > https://github.com/apache/ozone/releases/tag/ozone-1.4.1-RC2 >> > > > > > - 223 Jiras were cherry-pick for ozone-1.4.1 >> > > > > > - >> > > > >> > > >> > >> https://issues.apache.org/jira/issues/?jql=project%20%3D%20HDDS%20AND%20fixVersion%20%3D%201.4.1 >> > > > > > - The source and binary tarballs can be found at: >> > > > > > - >> https://dist.apache.org/repos/dist/dev/ozone/1.4.1-rc2/ >> > > > > > - Maven artifacts are staged at: >> > > > > > - >> > > > >> https://repository.apache.org/content/repositories/orgapacheozone-1025 >> > > > > > - The public key used to sign the artifacts can be found at: >> > > > > > - https://dist.apache.org/repos/dist/release/ozone/KEYS >> > > > > > - The fingerprint of the key used to sign the artifacts is: >> > > > > > - 0D8C19F5514E2786007936F758C87003FF9A1A38 >> > > > > > The vote will run for 7 days, ending on Nov 12th 2024. >> > > > > > >> > > > > > Thanks >> > > > > > >> > > > > > Xi Chen >> > > > > >> > > > > >> --------------------------------------------------------------------- >> > > > > To unsubscribe, e-mail: dev-unsubscr...@ozone.apache.org >> > > > > For additional commands, e-mail: dev-h...@ozone.apache.org >> > > > > >> > > > > >> > > > >> > > > >> --------------------------------------------------------------------- >> > > > To unsubscribe, e-mail: dev-unsubscr...@ozone.apache.org >> > > > For additional commands, e-mail: dev-h...@ozone.apache.org >> > > > >> > > > >> > > >> > >> >
