[asterisk-dev] Asterisk 1.6 Release Management Proposal

Russell Bryant russell at digium.com
Wed Oct 17 14:29:08 CDT 2007


Russell Bryant wrote:
> 3.2.5   Security Fix
> 
>    1. Commit to the 1.2 branch
>    2. Merge to the 1.4 branch
>    3. Merge to the current 1.6.X branch that is in testing, as well as the
>       past three 1.6.X release branches so that sub releases of those can be
>       made that include the fix.
>         • Note that the number three here is arbitrary. It may change based
>            on what community members would like to see.
>    4. Merge to trunk.

This is one section I would like to bring special attention to.  This part is
still a little bit up in the air.

The question is, what should the rule be as far as security issues are
concerned?  Should we supply patches for
  --> _all_ 1.6.X versions?
  --> only the last N number of 1.6.X versions?
  --> any 1.6.X release made in the past 2 years?

I want to keep everyone happy, but also make sure we don't place an unnecessary
burden on ourselves.  One thing to keep in mind is that security issues don't
come up very often, and the patches for them are generally fairly trivial.

-- 
Russell Bryant
Senior Software Engineer
Open Source Team Lead
Digium, Inc.



More information about the asterisk-dev mailing list