[asterisk-dev] Asterisk 1.6 Release Management Proposal

Daniel Hazelbaker daniel at highdesertchurch.com
Wed Oct 17 17:18:34 CDT 2007 

On Oct 17, 2007, at 2:41 PM, Russell Bryant wrote:

> Daniel Hazelbaker wrote:
>> It seems like this change is more for developers than users...
>
> The issue when it comes to security is that people will have more  
> of a reason to
> stick to 1.6.0 versus upgrading to 1.6.1, because the changes will  
> likely be
> more significant than the things we do between 1.4.X releases.  So,  
> because of
> that, we should probably support multiple 1.6.X releases with  
> security fixes.

Well, I suppose it depends on how ugly you want your release  
announcements to be.  I can see, for example, a security patch once  
we are up to 1.6.7 to be vary ugly.  "We are pleased to announce the  
following versions of Asterisk: 1.6.0.7; 1.6.1.6; 1.6.2.4; 1.6.3.4;  
1.6.4.2; 1.6.5.1; 1.6.6.1 and 1.6.7."  Obviously it is a bit more  
dramatic than it probably would be, but still.  As a developer that  
can't be pretty.  As a user it certainly isn't pretty to figure out  
what version I should be using.  Maybe I am odd man out; I don't  
upgrade on every release of 1.4.x, BUT when I do upgrade I don't  
think I have ever upgraded to 1.4.7 when 1.4.9 was already out.

I would personally still vote for "this version and last" as I still  
see it as a matter of if you want the latest bug fixes, use the  
latest (stable) version. But I can see with that description above  
that there may be people the just don't want to upgrade.  I guess if  
you did something like 6 months or 3 previous releases, whichever is  
least that would be okay.  But I still see confusion in the works and  
users ultimately just upgrading to the most recent stable to get that  
security fix, no matter the version they are using now.

Perhaps a more useful way for the developers to spend time is to make  
sure the security patch CAN be applied to the most recent n number of  
versions and/or provide a patch for each .x release that users can  
apply to their "older" version if they don't wish to upgrade.  I  
realize there are some issues with this method as well, just thinking  
out loud...

Daniel

> Russell Bryant
> Senior Software Engineer
> Open Source Team Lead
> Digium, Inc.

More information about the asterisk-dev mailing list