The release cycle is in order of months currently, so when a security fix is applied to LTS (long-term support) branches, it is recommended to release a new version.
The idea is to keep the latest LTS tarball less vunerable. Signed-off-by: Flavio Leitner <f...@redhat.com> --- SECURITY.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 963d6ff..81ec3fe 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -144,6 +144,9 @@ they have already been reviewed and applied), post the security advisory to appropriate mailing lists (ovs-announce, ovs-discuss), and post the security advisory on the Open vSwitch webpage. +When the patch is applied to LTS (long-term support) branches, a new +version should be released. + The security advisory should be GPG-signed by a security team member with a key that is in a public web of trust. -- 2.1.0 _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
