openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <dennis.hamil...@acm.org>
Subject RE: Planning for emergency releases
Date Mon, 15 Aug 2016 16:56:44 GMT


> -----Original Message-----
> From: Patricia Shanahan [mailto:pats@acm.org]
> Sent: Sunday, August 14, 2016 16:28
> To: dev@openoffice.apache.org
> Subject: Re: Planning for emergency releases
> 
> On 8/12/2016 2:14 PM, Dennis E. Hamilton wrote:
> >
> >
> >> -----Original Message----- From: Patricia Shanahan
> >> [mailto:pats@acm.org]
> ...
> >> Personally, I would like to treat the last stable release as the
> >> base for emergency fixes. I started out suggesting using the
> >> current patch as an exercise to work through the process for doing
> >> that.
> >>
> >> However, I have seen a lot of push back on the idea of ever doing
> >> a release that only has one change.
> > [orcmid]
> >
> > Yes.  It might be necessary to do triage - choose highly-vulnerable
> > platforms, common languages, etc.
> >
> > And, if we are talking about an unpatched vulnerability with an
> > exploit in the wild, I don't think the ASF Board will be sympathetic
> > to our reticence.
> >
> > I agree that we do need to do fire drills simply to be able to
> > respond when an emergency arises.
> 
> I would prefer to see agreement within the PMC on an emergency release
> process, followed by a fire drill to test it. My understanding, from
> following board@apache.org, is that if the ASF Board ever gets involved,
> they will swing hammers not scalpels.
[orcmid] 

Patricia,

I agree that this is a matter for project governance.  

I suppose it is a matter of setting a policy with regard to emergency preparedness, having
timely responses to serious defects (security vulnerabilities, loss-of-data crashers, corrupted
operation, etc.) that deserve speedy remedies.  Historically, there are ways of accomplishing
this from hotfixes for those encountering the problem to updates (less than wholesale), and
new releases.

I think the discussion and determination can go here on dev@.  It seems like an appropriate
major topic.

So, how can we deliberate on this and come to a conclusion as to direction and then execution?

 - Dennis
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org


Mime
View raw message