|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] security bugs and release
On Wed, Jun 26, 2013 at 10:21:34AM +0100, Ian Campbell wrote: > > > Is there a real reason because you don't make a new release? > > People who deploy and run production systems want a timely, targeted and > low risk fix for a security issue, which they can be confident of > deploying quickly, with a minimum of disruption to their service and > with the lowest possible chance of breakage. A new release would > necessarily contain other fixes not related to the security issue and > therefore takes longer to produce and longer to test and deploy in order > to reach the same level of confidence. > I think what he meant is why not release a new version with only security patches in it, so if the current Xen version is 4.2.2, and there's a new security issue being found, Xen project would release Xen 4.2.3 with *only* the security fix(es) added on top of 4.2.2. Some projects do that, others don't. Personally I don't have a problem with the current model of only adding the security fixes to stable branches, without a new tarball release. -- Pasi _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |