On 8/12/2016 2:14 PM, Dennis E. Hamilton wrote:
-----Original Message----- From: Patricia Shanahan
[mailto:p...@acm.org]
...
Personally, I would like to treat the last stable release as the
base for emergency fixes. I started out suggesting using the
current patch as an exercise to work through the process for doing
that.
However, I have seen a lot of push back on the idea of ever doing
a release that only has one change.
[orcmid]
Yes. It might be necessary to do triage - choose highly-vulnerable
platforms, common languages, etc.
And, if we are talking about an unpatched vulnerability with an
exploit in the wild, I don't think the ASF Board will be sympathetic
to our reticence.
I agree that we do need to do fire drills simply to be able to
respond when an emergency arises.
I would prefer to see agreement within the PMC on an emergency release
process, followed by a fire drill to test it. My understanding, from
following bo...@apache.org, is that if the ASF Board ever gets involved,
they will swing hammers not scalpels.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org
