|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] security bugs and release
On Wednesday 26 June 2013 10:21:34 Ian Campbell wrote: > A new point release will rollup all the applicable security updates > issued before that point. > > In addition all of our releases are tagged in version control, so you > can trivially find out what went into it. > > You could also just run the latest stable-X.Y branch from xen.git. I > wouldn't personally recommend doing so in production but it seems to be > a good fit for your requirements. I'm not a xen user. I manage and coordinate the security bugs on Gentoo Linux. > > > Is there a real reason because you don't make a new release? > > People who deploy and run production systems want a timely, targeted and > low risk fix for a security issue, which they can be confident of > deploying quickly, with a minimum of disruption to their service and > with the lowest possible chance of breakage. A new release would > necessarily contain other fixes not related to the security issue and > therefore takes longer to produce and longer to test and deploy in order > to reach the same level of confidence. > > I think you will find that this approach to security support is quite > common, especially among critical system components. Yes, in case of package like xen, should be a risk update without have done a better test on e.g. another test machine. Pasi in his mail made a great proposal. I'd like if you considerate it. -- Agostino Sarubbo Gentoo Linux Developer _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |