[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen Project Security Process Whitepaper v1 is ready for community review

> On 28 Jun 2018, at 02:57, Lars Kurth <lars.kurth@xxxxxxxxxx> wrote:
> On 27/06/2018, 22:47, "Steven Haigh" <netwiz@xxxxxxxxx> wrote:
>    On Wednesday, 27 June 2018 7:19:58 PM AEST Jan Beulich wrote:
>>>>> On 27.06.18 at 06:05, <netwiz@xxxxxxxxx> wrote:
>>> Right now, we're at a stage where we could probably justify a new release
>>> of 4.6, 4.7, 4.8, 4.9, and 4.10 due to the depth of XSAs contained within
>>> that can't be patched on top of the release archive.
>> 4.7.6 and 4.8.4 are imminent anyway, and 4.9.3 is due in about a
>> month's time (I'll send a respective call for pointing out missing
>> backports once I've flushed out my own queue). There's not going to
>> be another release off the 4.6 branch, at least not one organized by
>> XenProject. Even us meaning to do so for 4.7 is only because of the
>> circumstances.
>> As mentioned before - personally I'm not fancying to do more frequent
>> stable releases.
>    Surely we are able to automate the majority of the process?
>    I could imagine that with a regular release schedule, it could be refined 
>    enough to automatically package the current git branch based on just 
>    committing a tag.
> There was a discussion at the summit in this area, which would be a step in 
> the right direction, which was proposed by Doug from Rackspace and Matt from 
> ARM. I still need to deal with the meeting notes
> Lars

The relevant meeting notes are:
(Testing/Building with Docker/GitLab)
(Process changes: is the 6 monthly release Cadence too short, Security Process, 

If you want to pick up items from these discussions in this thread, please copy 
the relevant section from the above discussion into this thread.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.