<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Tue, Apr 14, 2015 at 11:37 AM, Matthew Jordan <span dir="ltr"><<a href="mailto:mjordan@digium.com" target="_blank" onclick="window.open('https://mail.google.com/mail/?view=cm&tf=1&to=mjordan@digium.com&cc=&bcc=&su=&body=','_blank','location=yes,menubar=yes,resizable=yes,width=800,height=600');return false;">mjordan@digium.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello!<br>
<br>
As you know, 1.8 and 12 are in security fix only mode. Generally, that<br>
would normally mean that releases made from those branches would only<br>
ever be made from the previous tag, ensuring that the only changes in<br>
the versions are specific to the security issues being resolved.<br>
<br>
However, since we've moved to Git, there are a few things that needed<br>
to be merged into those branches for them to be useful. That includes<br>
a minimum amount of Git support (.gitignore files, for example). More<br>
generally, that also included menuselect, as those branches previously<br>
relied on svn:externals to pull menuselect in.<br>
<br>
That begs the question: the next time we make a release of 1.8/12 for<br>
security reasons, what is the release? And what should it be called?<br>
<br>
I can see a few different options:<br>
<br>
* The next release is <a href="http://1.8.32.4/12.8.3" target="_blank">1.8.32.4/12.8.3</a>, but is made from the branch and<br>
contains the menuselect/git changes.<br>
<br>
* We make a special, one-time only, bug fix release of 1.8/12<br>
containing the menuselect/git changes, with a note of why it was made.<br>
Those releases would go out as 1.8.33.0 and 12.9.0.<br>
<br></blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">* We don't make a special bug-fix release, but instead the next<br>
security release is made as <a href="http://1.8.33.0/12.9.0" target="_blank">1.8.33.0/12.9.0</a> and contains both the<br>
menuselect/Git changes as well as the security release changes.<br></blockquote><div><br></div><div>Yes. I don't think there's a need to spam users with a release that really</div><div>doesn't do anything for them, let alone have security implications.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Note that in any of the cases mentioned above, the UPGRADE notes will<br>
clearly state what has changed in the version, including the<br>
menuselect alterations.<br>
<br>
Thoughts? Suggestions? Flames?<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Matthew Jordan<br>
Digium, Inc. | Director of Technology<br>
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA<br>
Check us out at: <a href="http://digium.com" target="_blank">http://digium.com</a> & <a href="http://asterisk.org" target="_blank">http://asterisk.org</a><br>
<br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
<br>
asterisk-dev mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-dev" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-dev</a><br>
</font></span></blockquote></div><br></div></div>