Am 2018-02-08 17:54, schrieb Jonathan Riddell:
We had one last 5.8 release scheduled for April but instead we did it
this week and I think the idea of releases as required by security
updates is a sensible way forward.  But for how much longer?  Any
distro packagers have an opinion of how long they'd like it to be

What about: as long as a security patch applies we backport it?

Reasoning: if we look at todays two CVEs we can notice a pattern. The bugs have been around for a "long" time (as all security issues tend to do) and they might have been discovered if someone would have reworked the code. So for new issues it will be either in code not yet present in 5.8 or very likely unchanged since 5.8.


Reply via email to