+1 this looks like a good plan
On 07/24/2016 02:37 PM, Andrea Pescetti wrote:
> While the severity of the security bug we disclosed
> http://www.openoffice.org/security/cves/CVE-2016-1513.html is not
> particularly high (it is classified as "Medium" with no known exploits
> and anti-virus software can detect malicious documents), we should
> release an update incorporating the -already tested- patch we disclosed
> in the announcement.
>
> I assume we will want to keep the effort minimal.
>
> To do so, an outline would be:
>
> 1) We commit the patch to the AOO410 branch. This is the branch used for
> all the 4.1.x series. 4.2.0 isn't out yet, so 4.1.x is still our
> reference version.
>
> 2) We do not make any other changes to the AOO410 branch. This is really
> meant to be a minimal update. Even the version number in the source
> package will remain 4.1.2.
>
> 3) We tag the release as AOO4121 and build the corresponding source
> package, which will have 4.1.2.1 in its name (I mean the filename,
> nowhere else).
>
> 4) We don't prepare full end-user release binaries but we do supply
> repaired libraries for power users - remember the circumstances above.
> The bugfix modifies one library file, and we have binaries ready for
> several platforms already.
>
> 5) We vote on the source and possibly binaries. We advertise the
> availability of the new packages on our website, but we don't send out
> update notifications and we don't put the files on SourceForge.
>
> Does this look OK?
>
> Once this is done, we will probably want to open another discussion and
> see how we can coordinate for a release that incorporates more fixes or
> features and is made available in full form, with all localized
> installers, to end users. But the above is mostly aimed in having an
> official way to ship the existing patch.
>
> Regards,
> Andrea.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
> For additional commands, e-mail: dev-h...@openoffice.apache.org
>
--
Kay Schenk
Apache OpenOffice
----------------------------------------
"Things work out best for those who make
the best of the way things work out."
-- John Wooden
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org
