[openstack-dev] [Ironic] [TC] Discussion: changing Ironic's release model
Jeremy Stanley
fungi at yuggoth.org
Fri May 29 12:19:01 UTC 2015
On 2015-05-29 11:47:36 +0200 (+0200), Thierry Carrez wrote:
[...]
> As far as vulnerability management goes, we already publish the
> "master" fix as part of the advisory, so people can easily find
> that. The only thing the VMT might want to reconsider is: when an
> issue is /only/ present in the master branch and was never part of
> a release, it currently gets fixed silently there, without an
> advisory being published. I guess that could be evolved to
> "publish an advisory if the issue was in any released version".
> That would still not give users of intermediary versions a pure
> backport for their version, but give them notice and a patch to
> apply. I also suspect that for critical issues Ironic would issue
> a new intermediary release sooner rather than later.
This is what we've historically done for master-branch-only projects
anyway, so I don't see it as a new process. Works just fine, but as
you say we should make sure we know at the time of writing the
advisory what the next release version number will be (and hopefully
it comes along shortly after the fix merges so people can just
upgrade to it).
--
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: Digital signature
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150529/50351ea2/attachment.pgp>
More information about the OpenStack-dev
mailing list