Hi Davide Oh... I guess there is a misunderstanding... don't think anybody wants to make the release process more difficult. Taking our threat model into consideration (once we have one) cannot be the responsibility of the person that cuts the release; at that point it's too late anyway.
What we should do IMO is keep the threat model in mind when we develop new stuff or back port them to a stable branch. We might make a team effort to briefly review our changes from a threat model point of view before we cut a new major release... but in an ideal world that would not be needed if we take care of features as they get developed. Kind regards Angela On 18/09/17 15:15, "Davide Giannella" <[email protected]> wrote: >On 18/09/2017 12:40, Ian Boston wrote: >> can be evaluated >> as part of the release process, ideally before the next stable release. > >I mostly do releases here, let me drop a consideration. Our release >process is already long. Let's not add too much stuff even more, >specially if we have to do it at every release. Otherwise I don't think >we'll be able to cope with the bi-weekly release. > >So let's be considerate about what adding to the release process. > >A word of caution ;) > >Cheers >Davide > >
