On 7/15/19 3:23 PM, Jan Beulich wrote: > On 15.07.2019 16:11, George Dunlap wrote: >> There was a long discussion about security patches, with the general >> proposal being that we should cut a point release for every security issue. > > Interesting. Looks like in politics that until a decision fits people > they keep re-raising the point. Iirc on a prior meeting (Budapest?) > we had settled on continuing with the current scheme. Were there any > new arguments towards this alternative model?
Well I don't know if there were any new arguments because I don't immediately remember the old discussion. Do we have a summary of the discussion in Budapest, with its conclusions, anywhere? The basic idea was that: 1. Most distros / packagers are going to want to do an immediate release anyway. 2. Distros generally seemed to be rebasing on top of staging as soon as the XSA went out anyway (and ISTR this being the recommeneded course of action) So for all intents and purposes, we have something which is, in fact, a release; all it's missing is a signed tag and a tarball. Obviously there are testing implications that would need to be sorted out before this could become a reality. In any case, the ball is in the court of "VOLUNTEER" to write up a concrete proposal which could be discussed. You'll be able to raise all your concerns at that point if you want (although having a sketch would of course be helpful for whoever is writing such a proposal). -George _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel