On 2016-10-17 03:11 PM, Sona Sarmadi wrote:
Hi all,

From https://wiki.yoctoproject.org/wiki/Stable_branch_maintenance:

/General policies: /

  * /Fixes must go into master first unless they are applicable only to
    the stable branch; if back-porting to an older stable branch, the
    fix should first be applied to the newer stable branches before
    being back-ported to the older branch/

Does anyone know the reason for the policy above i.e. why fixes have to
go to master first?

The kernel has the same policy for -stable kernels. Speaking at a very
high level, it simply ensures that the development of maintenance/stable
branches does not move ahead of master in terms of fixes.

That keeps development focused on the tip, where it belongs (versus
companies/people working in silos for an extended period of time), since
once in master many branches can benefit from it.

1)      It makes more sense at least for users  to get CVE fixes as soon
as possible in the maintenance branches.

There's no implied slow down from the process, stable branches can get them within hours of changes going into master .. depending on how they
various branches are maintained.

2)      Normally the versions are different in master and maintenance
branches so different patches are required.

That's covered in the statement:"unless they are applicable only to the stable branch".
Version skew could mean that a fix isn't appropriate to master, but only
to a -stable branch.

But if someone is submitting a CVE fix to -stable, and only to -stable,
they should indicate that the version in master already contains the
fix (or something similar).





yocto mailing list

Reply via email to