Re: Security release procedures

From: Julian Foad <julianfoad_at_apache.org>
Date: Wed, 28 Aug 2019 16:26:52 +0100

Stefan Sperling wrote:
> Julian Foad wrote:
>> * Drop the CVE? (steps 8, 15, 16)
>>
>> For cases that are not looking like a very high severity, [...]
>
> Yes. I would be in favour of this.
>
>> * Drop the requirement to roll a release? (steps 12, 13, 14)

> I believe this approach would make things harder for downstream consumers.
> [...] I would prefer a new release, together with an updated CHANGES file
> which documents the problems we fixed. Even if it's a few weeks late.

You make good points.

Then we need to streamline our patch-release process instead.

- Julian
Received on 2019-08-28 17:26:54 CEST

This message: [ Message body ]
Next message: Daniel Shahaf: "Re: Security release procedures"
Previous message: Stefan Sperling: "Re: Security release procedures"
In reply to: Stefan Sperling: "Re: Security release procedures"
Next in thread: Julian Foad: "Re: Security release procedures"
Reply: Julian Foad: "Re: Security release procedures"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]