On Thu, 19 Mar 2026, Gyan Doshi via ffmpeg-devel wrote:
On 2026-03-19 06:02 am, Michael Niedermayer via ffmpeg-devel wrote:
we have written "3 months" for the milestones about fixing security/fuzzer
issues corresponding to the releases:
https://trac.ffmpeg.org/wiki/SponsoringPrograms/STF/2025
and that resulted in March, June and September in the contract.
If people want that changed, we can talk with STF about that.
But if we do that it should happen now not in june
3 months seems too short to warrant a new branch. At least it should be 4
months for a regular cadence.
We actually used a 6 month schedule in the past few years for releases.
The more release branches we have, the more work backporting the security
fixes will be, so I am not really convinced it is a good idea to have
releases too often, 6 month seemed like a good compromise. Especially if
you intend to make an effort to maintain some release branches (are we
still considering x.1 branches LTS?) for an extended period.
As for STF milestones, maybe some more general wording could be used, such
as "fix all reproducible security issues reported until 2026-xx-xx in
git master and the last release branch of ffmpeg".
Regards,
Marton
_______________________________________________
ffmpeg-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
