[libvirt] closing old maint branches [was: [v0.9.12-maint 0/8] Backport changes for CVE-2013-6458 to v0.9.12-maint]

Eric Blake eblake at redhat.com
Wed Jan 22 19:13:48 UTC 2014

On 01/15/2014 01:43 PM, Eric Blake wrote:

> Is anyone still using v0.9.11-maint?  The CVE extends back to 0.9.8, so
> we could argue that we should either fix the 0.9.11 branch, or add
> another commit to the branch that explicitly marks it as end-of-life
> because no one appears to be relying on it.  Fedora 18 is now
> end-of-life, so from Fedora's perspective, I only care about 0.10.2
> (RHEL and CentOS 6), 1.0.5 (F19), 1.1.3 (F20) and soon 1.2.1 (rawhide),
> although I didn't mind touching all the intermediate branches on my way
> down to 0.10.2.  RHEL 5 is also vulnerable to CVE-2013-6458, but as we
> don't have an upstream v0.8.2-maint branch (thank goodness!), that's
> something for Red Hat to worry about.

I've gone ahead and marked v0.8.3-maint and v0.9.11-maint as closed (I'm
not posting the actual patch here, but it was done by 'git rm -f \*'
followed by recreating .gitignore and a placeholder README that mentions
the death of the branch).

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 604 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20140122/a5fb7932/attachment-0001.sig>

More information about the libvir-list mailing list