[OpenAFS] When to publish security advisories?

Simon Wilkinson sxw@inf.ed.ac.uk
Fri, 15 Apr 2011 21:11:07 +0100

On 15 Apr 2011, at 20:43, David Boyes wrote:
> A variation of this comment: much of the complexity of deploying a fix
> is related to packaging. Investment in simplifying and automating the
> process of creating and deploying a new package would probably help
> somewhat with the pain level of creating a new release. The current
> build system is not helpful at all in that area.

Sadly, the issue is not related to build system complexity.

When a new release happens, it relies on a number of volunteers who
build and test the source on their respective platforms. We generally
try to ensure that we have good build and test coverage before making a
release, which all takes time. For RedHat, for example, a complete set
of builds for a new release can take nearly a week to complete. Whilst
we could automate portions of this build process for all of the systems
we have buildbots for, we can't automate the testing process and this
stage remains important, if only to pick up bad builds.

We need to be careful that we don't burn out the volunteers who provide
this service by creating releases too frequently. This is going to be
especially important in the next few months when we'll be maintaining
both a new stable series (1.6.x) and a legacy one (1.4.x).