[TYPO3-v4] Minutes of the 9th meeting of the 4.7 Release Team
Helmut Hummel
helmut.hummel at typo3.org
Tue Jan 31 15:14:00 CET 2012
Hi,
Steffen Ritter wrote:
> postulated requirements
> ------------------------
> * everyone planning to install a security release already upgraded to
> the latest patch-level release
> * the latest patch-level release does not contain regressions
>
> We considere these points as as granted as soon as 1 month passed, since
> the latest patch-level release has been published.
> facts and procedures
> ---------------------
> * New security releases should not be combined Bugfix/Security releases
> anymore.
> * Therefore they won't be based upon the head of the branch (for example
> TYPO3_4-6) but based upon the tag of the latest patch-level release
> since the branch may already have new bugfixes included.
> * security patches are applied within the hidden security-repository to
> Bugfix release after a security release
> ---------------------------------------
> For the next "normal" release security fixes are applied to the HEAD of
> the version branch on release. This should happen 2 or 3 weeks after the
> security release when we can be sure, that have not have been regressions.
This leads to a following release policy:
* Security Releases can follow earliest one month after a bufix
release
* A Bugfix release can earliest follow 2-3 weeks after a security
release
I'm fine with that. However there might be a critical security release
which need to be done *any* time. I would still suggest that such a
release is based on the latest TAG, no matter when this tag has been
created.
Kind regards,
Helmut
--
Helmut Hummel
TYPO3 Security Team Leader, TYPO3 v4 Core Team Member
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-project-v4
mailing list