[asterisk-dev] Asterisk 1.6 Release Management Proposal

Michiel van Baak michiel at vanbaak.info
Wed Oct 17 15:24:39 CDT 2007


On 14:29, Wed 17 Oct 07, Russell Bryant wrote:
> Russell Bryant wrote:
> > 3.2.5   Security Fix
> > 
> >    1. Commit to the 1.2 branch
> >    2. Merge to the 1.4 branch
> >    3. Merge to the current 1.6.X branch that is in testing, as well as the
> >       past three 1.6.X release branches so that sub releases of those can be
> >       made that include the fix.
> >         ??? Note that the number three here is arbitrary. It may change based
> >            on what community members would like to see.
> >    4. Merge to trunk.
> 
> This is one section I would like to bring special attention to.  This part is
> still a little bit up in the air.
> 
> The question is, what should the rule be as far as security issues are
> concerned?  Should we supply patches for
>   --> _all_ 1.6.X versions?
>   --> only the last N number of 1.6.X versions?
>   --> any 1.6.X release made in the past 2 years?

Right now we are putting security patches in 1.2
That one is in 'security mode only'
So I think it's fair to provide patches to all versions of
the current 'stable' version. That will mean all 1.6.X
versions.

> 
> I want to keep everyone happy, but also make sure we don't place an unnecessary
> burden on ourselves.  One thing to keep in mind is that security issues don't
> come up very often, and the patches for them are generally fairly trivial.

which will probably mean a patch for 1.6.0 will also apply
to most 1.6.X versions (I think)

-- 

Michiel van Baak
michiel at vanbaak.eu
http://michiel.vanbaak.eu
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD

"Why is it drug addicts and computer afficionados are both called users?"




More information about the asterisk-dev mailing list