[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen release cycle revisited

On 14/12/17 12:28, Julien Grall wrote:
> 
> 
> On 14/12/17 07:56, Juergen Gross wrote:
>> Hi all,
> 
> Hi Juergen,
> 
> I would recommend to CC committers on that thread, so your thread don't
> get lost in the xen-devel meanders :).
> 
>> with 4.10 more or less finished it is time to plan for the next release
>> 4.11. Since 4.7 we are using a 6 month release cycle [1] targeting to
>> release in June and December.
>>
>> While this worked reasonably well for 4.7, 4.8 and 4.9 we had some
>> difficulties with 4.10: bad luck with security patch timing shifted the
>> 4.10 release more towards mid of December. Doing thorough testing of the
>> latest security patches and trying to release at least 10 days before
>> Christmas seemed to be almost mutually exclusive goals.
>>
>> So what do we learn from this experience?
>>
>> 1. Should we think about other planned release dates (e.g. May and
>>     November - would that collide with any holiday season)?
>>
>> 2. Shouldn't we have tried to include the latest security patches in
>>     4.10, resulting in the need for 4.10.1 at once?
> 
> I am not sure to understand this questions here.

Hmm, yes, this is somehow garbled.

Next try:

2. Should we have released 4.10 without those late security patches,
   resulting in the need for 4.10.1 at once?

> 
>>
>> 3. Should we let the release slip for almost a month in such a case?
> 
> The problem is XSAs can happen at any time. Let's imagine we decided to
> release in January, what if a new security was discovered during
> christmas? Are we going to slip the release again?

Go back to 2. :-)

> 
>>
>> 4. Should we try harder to negotiate embargo dates of security issues to
>>     match the (targeted) release dates?
> 
> Those 4 XSAs was first released under embargoed a couple of days before
> the targeted release dates.
> 
> The usual embargo period is 2 weeks. I think it would be difficult to
> request a shorter embargo period because downstream product need time to
> apply/test the security fixes.

Right. What about a longer embargo so that it ends well after the
release date? Last minute XSAs just before a 2-3 week period where
a release can't happen (like at Xmas) are the problem.


Juergen

> 
>>
>> 5. Should we modify the development/hardening periods?
>>
>> For 4.11 we shouldn't have this problem: while targeted for releasing in
>> early June it wouldn't be a nightmare to let it slip into July. 4.12
>> however will probably face the same problem again and we should prepare
>> for that possibility.
>>
>>
>> Juergen
>>
>> [1]: https://lists.xen.org/archives/html/xen-devel/2015-10/msg00263.html
> 
> Cheers,
> 


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.