[libvirt] [PATCH] docs: mention maintenance branches
Michal Privoznik
mprivozn at redhat.com
Wed Jan 15 14:32:29 UTC 2014
On 14.01.2014 17:53, Eric Blake wrote:
> Mitre tried to assign us two separate CVEs for the fix for
> https://bugzilla.redhat.com/show_bug.cgi?id=1047577, on the
> grounds that the fixes were separated by more than an hour
> and thus triggered different hourly snapshots. But we
> explicitly do NOT want to treat transient security bugs as
> CVEs if they can only be triggered by patches in libvirt.git
> but where the problem is cleaned up before a formal release.
>
> Meanwhile, I noticed that while our wiki mentioned maintenance
> branches and releases, our formal documentation did not.
>
> * docs/downloads.html.in: Contrast hourly snapshots with
> maintenance branches.
>
> Signed-off-by: Eric Blake <eblake at redhat.com>
> ---
>
> Doc only, so suitable for 1.2.1 if it gets reviewed in time.
>
> docs/downloads.html.in | 25 ++++++++++++++++++++++++-
> 1 file changed, 24 insertions(+), 1 deletion(-)
>
> diff --git a/docs/downloads.html.in b/docs/downloads.html.in
> index 83b8751..ef03567 100644
> --- a/docs/downloads.html.in
> +++ b/docs/downloads.html.in
> @@ -22,7 +22,9 @@
> <p>
> Once an hour, an automated snapshot is made from the git server
> source tree. These snapshots should be usable, but we make no guarantees
> - about their stability:
> + about their stability; furthermore, they should NOT be
> + considered formal releases, and they may have transient security
> + problems that will not be assigned a CVE:
> </p>
>
> <ul>
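Review bot: The added clause "they may have transient security problems that will not be assigned a CVE" drops the condition stated in the commit message, namely that the problem can only be triggered by patches in libvirt.git and is cleaned up before a formal release. As worded, a reader could conclude that any flaw observed in a snapshot is outside CVE scope, including one that also ships in a release. Suggest wording along the lines of "security problems that are introduced and fixed between formal releases will not be assigned a CVE".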
> @@ -30,6 +32,27 @@
> <li><a href="http://libvirt.org/sources/libvirt-git-snapshot.tar.gz">libvirt.org HTTP server</a></li>
> </ul>
>
> + <h2><a name="maintenance">Maintenance releases</a></h2>
> + <p>
> + In the git repository are several stable maintenance branches,
> + matching the
> + pattern <code>v<i>major</i>.<i>minor</i>.<i>micro</i>-maint</code>;
> + these branches are forked off the corresponding
> + <code>v<i>major</i>.<i>minor</i>.<i>micro</i></code> formal
> + release, and may have further releases of the
> + form <code>v<i>major</i>.<i>minor</i>.<i>micro</i>.<i>rel</i></code>.
> + These maintenance branches should only contain bug fixes, and no
> + new features, backported from the master branch, and are
> + supported. These maintenance branches are considered during
> + CVE analysis.
> + </p>
> +
> + <p>
> + For more details about contents of maintenance releases, see
> + <a href="http://wiki.libvirt.org/page/Maintenance_Releases">the
> + wiki page</a>.
> + </p>
> +
> <h2><a name="git">GIT source repository</a></h2>
>
> <p>
>
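Review bot: In the new "Maintenance releases" paragraph, the sentence "should only contain bug fixes, and no new features, backported from the master branch, and are supported" is ambiguous: "backported from the master branch" reads as modifying "new features", and "are supported" does not say by whom or for how long. Suggest splitting it, for example "These branches contain only bug fixes backported from the master branch, with no new features", followed by a separate sentence on support. The closing "These maintenance branches are considered during CVE analysis" would also be clearer if it said what that means for a user, in contrast with the "will not be assigned a CVE" wording added to the snapshot paragraph.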
ACK & safe for the upcoming release.
Michal