[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] security bugs and release

On 25/06/2013 18:07, Agostino Sarubbo wrote:
> Hello,
> I'd like to know why when there is a new advisory you just release a patch 
> instead of a new release.
> This, in my opinion creates only confusion. For example, if I'm running 4.2.1 
> I don't exatly know which patches have been applied. If you say, this is 
> fixed 
> in 4.2.2 I know that if I'm run that version, I'm fine.
> Is there a real reason because you don't make a new release?

I would be interested if you could provide examples of upstream projects
which do issues brand new releases for every security fix, rather than
applying the patch(es) to appropriate stable trees.  Downstream distros
certain do issue hotfixes/updates when they deem appropriate.

If there is any confusion regarding patches and versions, please refer
to http://wiki.xen.org/wiki/Security_Announcements which provides all
details (although I note it is out of date with respect to XSA-57).


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.