<quote name="Ryan Lane" date="2014-02-20" time="14:37:01 -0800"> > Note that unless you're willing to keep up to date with WMF's relatively > fast pace of branching, you're going to miss security updates. No matter > what, if you use git you're going to get security updates slower, since > they are released into the tarballs first, then merged into master, then > branches (is this accurate?). Sometimes the current WMF branch won't even > get the security updates since they are already merged locally onto > Wikimedia's deployment server.
That's a good point, with one small clarification/rewording: Someone who's following wmfXX branches will get the security fixes the next branch after the tarball is released. That's usually with in the working week (we tend to release tarballs on Mon/Tues, with new branches on Thursday). So, yes, if you're pacing behind on the wmfXX branches, you'll want to take note of security releases and backport patches as appropriate (all security bugs have single patches attached to the Bugzilla report, and those are made public after the tarball is released). Greg -- | Greg Grossmeier GPG: B2FA 27B1 F7EB D327 6B8E | | identi.ca: @greg A18D 1138 8E47 FAC8 1C7D | _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
