Re: Grace period for 1.13 users to upgrade to 1.14?

From: Julian Foad <julianfoad_at_apache.org>
Date: Fri, 1 May 2020 15:58:10 +0000 (UTC)

In my opinion, although it's "nice" when everyone has clarity on all details of the process, it's just not important to decide this level of detail in advance. It's a fuzzy line and we'll make a reasonable decision if it happens, which it likely won't.

Re. issuing fixes as patches, I think there's no precedent and no grounds for doing so this time. The option of doing so in future for the general case should be raised in a separate thread.

- Julian

1 May 2020 16:39:36 Nathan Hartman <hartman.nathan_at_gmail.com>:

> On Thu, Apr 30, 2020 at 12:47 PM Daniel Shahaf < d.s_at_daniel.shahaf.name > wrote:
>
>
> > danielsh_at_apache.org wrote on Thu, 30 Apr 2020 16:21 -0000:
> >
>
> > I just copied the text we use for 1.9, but there's a distinction: users
> > of 1.9 have had time to upgrade to 1.10 before 1.14.0 becomes GA,
> > whereas users of 1.13 have not. So, should we promise some sort of
> > grace period for users of 1.13.x — i.e., a period following the release
> > of 1.14.0 during which we'll still fix security bugs in 1.13.0?
>
>
> Before I can offer an opinion on that, I have to ask: If that scenario actually occurs, where a security issue is discovered in a release line very soon after it goes EOL, does the fix have to be an actual *release* with all the process that implies, or can it just be a (signed) patch?
>
>
> Nathan
>
>
>
>
>
>
>
Received on 2020-05-01 17:58:12 CEST

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]