On 15.07.2019 16:42, George Dunlap wrote: > On 7/15/19 3:23 PM, Jan Beulich wrote: >> On 15.07.2019 16:11, George Dunlap wrote: >>> There was a long discussion about security patches, with the general >>> proposal being that we should cut a point release for every security issue. >> >> Interesting. Looks like in politics that until a decision fits people >> they keep re-raising the point. Iirc on a prior meeting (Budapest?) >> we had settled on continuing with the current scheme. Were there any >> new arguments towards this alternative model? > > Well I don't know if there were any new arguments because I don't > immediately remember the old discussion. Do we have a summary of the > discussion in Budapest, with its conclusions, anywhere?
I don't recall if suitable notes were taken back then; as indicated I'm not even sure which meeting it was at. > The basic idea was that: > > 1. Most distros / packagers are going to want to do an immediate release > anyway. > > 2. Distros generally seemed to be rebasing on top of staging as soon as > the XSA went out anyway (and ISTR this being the recommeneded course of > action) > > So for all intents and purposes, we have something which is, in fact, a > release; all it's missing is a signed tag and a tarball. > > Obviously there are testing implications that would need to be sorted > out before this could become a reality. > > In any case, the ball is in the court of "VOLUNTEER" to write up a > concrete proposal which could be discussed. You'll be able to raise all > your concerns at that point if you want (although having a sketch would > of course be helpful for whoever is writing such a proposal). Sure - I realized soon after having sent the initial reply that perhaps this was the wrong context in the first place to raise my question. Jan _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
