MicroReleaseExceptions

Differences between revisions 1 and 8 (spanning 7 versions)
Revision 1 as of 2007-07-17 00:11:11
Size: 1013
Editor: sites
Comment: proposal from sprint
Revision 8 as of 2009-01-09 18:44:22
Size: 1022
Editor: sites
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
'''This is a ''proposed'' change, and must be ratified by the Tech Board first.''' '''This was ratified by the Tech Board on 2007-08-14.'''
Line 5: Line 5:
 * Allow for an exception in SRUs to the "patch must be as small and unintrusive as possible" requirement for specific packages that meet the criteria:  * Allow for an exception in [[StableReleaseUpdates|SRU]]s to the "patch must be as small and unintrusive as possible" requirement for specific packages that meet the criteria:
Line 9: Line 9:
 * On a case-by-case basis, if the security team rates the chance of vulnerability exploitation greater than the chance of regression for a given update, it can skip SRU and go directly through the security queue.
  * The security team will have the responsibility to maintain and review the list of packages that are exceptions to the SRU rule, as well as approve package additions.
  * Existing de facto exceptions are:
   * firefox
   * mozilla-thunderbird, thunderbird
   * postgresql-8.1, postgresql-8.2		  * The technical board will have the responsibility to maintain and review the list of packages that are exceptions to the SRU rule, as well as approve package additions.
  * Changes to the exception list must be brought to the TB via email. The request is expected to include justification against the above criteria.
  * Changes can be approved via any single TB member
 * Approved exceptions:
  * firefox
  * mozilla-thunderbird, thunderbird
  * postgresql-8.1, postgresql-8.2
  * clamav (approved on 2009-01-09)

This was ratified by the Tech Board on 2007-08-14.

SRU micro version update exception

  • Allow for an exception in SRUs to the "patch must be as small and unintrusive as possible" requirement for specific packages that meet the criteria:

    • upstream supports micro-version updates to stable releases
    • upstream has a sufficiently high level of regression testing for their stable releases
    • regression tests are enabled in the package's build
  • The technical board will have the responsibility to maintain and review the list of packages that are exceptions to the SRU rule, as well as approve package additions.
    • Changes to the exception list must be brought to the TB via email. The request is expected to include justification against the above criteria.
    • Changes can be approved via any single TB member
  • Approved exceptions:
    • firefox
    • mozilla-thunderbird, thunderbird
    • postgresql-8.1, postgresql-8.2
    • clamav (approved on 2009-01-09)

StableReleaseUpdates/MicroReleaseExceptions (last edited 2015-09-29 16:25:28 by pitti)