Re: [PATCH] docs: mention maintenance branches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 14.01.2014 17:53, Eric Blake wrote:
> Mitre tried to assign us two separate CVEs for the fix for
> https://bugzilla.redhat.com/show_bug.cgi?id=1047577, on the
> grounds that the fixes were separated by more than an hour
> and thus triggered different hourly snapshots.  But we
> explicitly do NOT want to treat transient security bugs as
> CVEs if they can only be triggered by patches in libvirt.git
> but where the problem is cleaned up before a formal release.
> 
> Meanwhile, I noticed that while our wiki mentioned maintenance
> branches and releases, our formal documentation did not.
> 
> * docs/downloads.html.in: Contrast hourly snapshots with
> maintenance branches.
> 
> Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
> ---
> 
> Doc only, so suitable for 1.2.1 if it gets reviewed in time.
> 
>  docs/downloads.html.in | 25 ++++++++++++++++++++++++-
>  1 file changed, 24 insertions(+), 1 deletion(-)
> 
> diff --git a/docs/downloads.html.in b/docs/downloads.html.in
> index 83b8751..ef03567 100644
> --- a/docs/downloads.html.in
> +++ b/docs/downloads.html.in
> @@ -22,7 +22,9 @@
>      <p>
>        Once an hour, an automated snapshot is made from the git server
>        source tree. These snapshots should be usable, but we make no guarantees
> -      about their stability:
> +      about their stability; furthermore, they should NOT be
> +      considered formal releases, and they may have transient security
> +      problems that will not be assigned a CVE:
>      </p>
> 
>      <ul>
> @@ -30,6 +32,27 @@
>        <li><a href="http://libvirt.org/sources/libvirt-git-snapshot.tar.gz";>libvirt.org HTTP server</a></li>
>      </ul>
> 
> +    <h2><a name="maintenance">Maintenance releases</a></h2>
> +    <p>
> +      In the git repository are several stable maintenance branches,
> +      matching the
> +      pattern <code>v<i>major</i>.<i>minor</i>.<i>micro</i>-maint</code>;
> +      these branches are forked off the corresponding
> +      <code>v<i>major</i>.<i>minor</i>.<i>micro</i></code> formal
> +      release, and may have further releases of the
> +      form <code>v<i>major</i>.<i>minor</i>.<i>micro</i>.<i>rel</i></code>.
> +      These maintenance branches should only contain bug fixes, and no
> +      new features, backported from the master branch, and are
> +      supported.  These maintenance branches are considered during
> +      CVE analysis.
> +    </p>
> +
> +    <p>
> +      For more details about contents of maintenance releases, see
> +      <a href="http://wiki.libvirt.org/page/Maintenance_Releases";>the
> +      wiki page</a>.
> +    </p>
> +
>      <h2><a name="git">GIT source repository</a></h2>
> 
>      <p>
> 

ACK & safe for the upcoming release.

Michal

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]