[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen release cycle revisited

On 14/12/17 07:56, Juergen Gross wrote:
Hi all,

Hi Juergen,

I would recommend to CC committers on that thread, so your thread don't get lost in the xen-devel meanders :).

with 4.10 more or less finished it is time to plan for the next release
4.11. Since 4.7 we are using a 6 month release cycle [1] targeting to
release in June and December.

While this worked reasonably well for 4.7, 4.8 and 4.9 we had some
difficulties with 4.10: bad luck with security patch timing shifted the
4.10 release more towards mid of December. Doing thorough testing of the
latest security patches and trying to release at least 10 days before
Christmas seemed to be almost mutually exclusive goals.

So what do we learn from this experience?

1. Should we think about other planned release dates (e.g. May and
    November - would that collide with any holiday season)?

2. Shouldn't we have tried to include the latest security patches in
    4.10, resulting in the need for 4.10.1 at once?

I am not sure to understand this questions here.

3. Should we let the release slip for almost a month in such a case?

The problem is XSAs can happen at any time. Let's imagine we decided to release in January, what if a new security was discovered during christmas? Are we going to slip the release again?

4. Should we try harder to negotiate embargo dates of security issues to
    match the (targeted) release dates?

Those 4 XSAs was first released under embargoed a couple of days before the targeted release dates.

The usual embargo period is 2 weeks. I think it would be difficult to request a shorter embargo period because downstream product need time to apply/test the security fixes.

5. Should we modify the development/hardening periods?

For 4.11 we shouldn't have this problem: while targeted for releasing in
early June it wouldn't be a nightmare to let it slip into July. 4.12
however will probably face the same problem again and we should prepare
for that possibility.


[1]: https://lists.xen.org/archives/html/xen-devel/2015-10/msg00263.html


Julien Grall

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.