openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <dennis.hamil...@acm.org>
Subject RE: Planning for emergency releases
Date Fri, 12 Aug 2016 21:14:21 GMT


> -----Original Message-----
> From: Patricia Shanahan [mailto:pats@acm.org]
> Sent: Friday, August 12, 2016 13:55
> To: dev@openoffice.apache.org
> Subject: Re: Planning for emergency releases
> 
> 
> 
> On 8/12/2016 1:40 PM, Dennis E. Hamilton wrote:
> >> -----Original Message----- From: Patricia Shanahan
> >> [mailto:pats@acm.org] Sent: Thursday, August 11, 2016 11:07 To:
> >> dev@openoffice.apache.org Subject: Re: Planning for emergency
> >> releases
> >>
> > [ ... ]
> >>
> >> Meanwhile, it is interesting for contemplating a ready-to-release
> >> strategy. We would need to pick a step at which to hold a release
> >> that minimizes the time to put in one critical fix and ship it.
> > [orcmid]
> >
> > It strikes me that an always-existing candidate for a ready to
> > release is the last-previous stable release.
> >
> > The biggest reason is that there only needs to be regression testing,
> > since it is presumably well-established that said release is stable
> > and that has been confirmed on the ground by the success of users.
> >
> > There could be something else that is close, but it strikes me that
> > would probably be a pending maintenance release that is basically
> > about bug fixes and any simple things.
> >
> > I note that, for changing the installer, something we would like to
> > do, the rebuild of a stable release at least needs to be done and
> > checked to see that the install produces the same result.  If that
> > were tested to satisfaction, it would also qualify as a
> > ready-to-release base without having to be put in the wild.
> 
> Personally, I would like to treat the last stable release as the base
> for emergency fixes. I started out suggesting using the current patch as
> an exercise to work through the process for doing that.
> 
> However, I have seen a lot of push back on the idea of ever doing a
> release that only has one change.
[orcmid] 

Yes.  It might be necessary to do triage - choose highly-vulnerable platforms, common languages,
etc.

And, if we are talking about an unpatched vulnerability with an exploit in the wild, I don't
think the ASF Board will be sympathetic to our reticence. 

I agree that we do need to do fire drills simply to be able to respond when an emergency arises.
 

 - Dennis
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org


Mime
View raw message