Re: Security release procedures
Daniel Shahaf wrote on Thu, 29 Aug 2019 00:44 +00:00:
> I do concede that if we had just a single release format, tarballs,
> that'd be easier on downstreams, but I do not accept that releasing
> patches would place an unreasonable burden on downstreams.
Forgot one thing: the releases have generated parts (configure and swig), so
vulnerabilities that affect these can't easily be released as patches. That's
another reason to continue to release tarballs — for which we should, as Julian
said, streamline the patch release process.
Received on 2019-08-29 02:50:02 CEST
This is an archived mail posted to the Subversion Dev