Stefan Sperling wrote:
Julian Foad wrote:
* Drop the CVE? (steps 8, 15, 16)
For cases that are not looking like a very high severity, [...]
Yes. I would be in favour of this.
* Drop the requirement to roll a release? (steps 12, 13, 14)
I believe this approach would make things harder for downstream consumers.
[...] I would prefer a new release, together with an updated CHANGES file
which documents the problems we fixed. Even if it's a few weeks late.
You make good points.
Then we need to streamline our patch-release process instead.
- Julian
