[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Security release procedures

From: Julian Foad <julianfoad_at_apache.org>
Date: Wed, 28 Aug 2019 16:26:52 +0100

Stefan Sperling wrote:
> Julian Foad wrote:
>> * Drop the CVE? (steps 8, 15, 16)
>>
>> For cases that are not looking like a very high severity, [...]
>
> Yes. I would be in favour of this.
>
>> * Drop the requirement to roll a release? (steps 12, 13, 14)

> I believe this approach would make things harder for downstream consumers.
> [...] I would prefer a new release, together with an updated CHANGES file
> which documents the problems we fixed. Even if it's a few weeks late.

You make good points.

Then we need to streamline our patch-release process instead.

- Julian
Received on 2019-08-28 17:26:54 CEST

This is an archived mail posted to the Subversion Dev mailing list.