This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Glibc stable release process (Glibc 2.26.1)
- From: Arjan van de Ven <arjan at linux dot intel dot com>
- To: Zack Weinberg <zackw at panix dot com>, "Yann E. MORIN" <yann dot morin dot 1998 at free dot fr>
- Cc: Tulio Magno Quites Machado Filho <tuliom at linux dot vnet dot ibm dot com>, Romain Naour <romain dot naour at gmail dot com>, "libc-alpha at sourceware dot org" <libc-alpha at sourceware dot org>, Joseph Myers <joseph at codesourcery dot com>, "Gabriel F. T. Gomes" <gabriel at inconstante dot eti dot br>, Siddhesh Poyarekar <siddhesh at sourceware dot org>, Paul Eggert <eggert at cs dot ucla dot edu>
- Date: Sat, 30 Sep 2017 07:27:19 -0700
- Subject: Re: Glibc stable release process (Glibc 2.26.1)
- Authentication-results: sourceware.org; auth=none
- References: <60f78cac-9cf4-51b1-9ade-21cd09783d96@gmail.com> <874lrli3sx.fsf@linux.vnet.ibm.com> <20170930101833.GA2993@scaer> <CAKCAbMj3ByTofE=WsKV-SXOCWyJYStRKvP3DA9ttiW2hUNZffA@mail.gmail.com>
On 9/30/2017 4:57 AM, Zack Weinberg wrote:
I'm a little underslept and I'm not sure I fully understand the issue
here, but would it help if we literally just tagged point releases and
pushed tarballs to ftp.gnu.org from a cron job? Once a month if there
have been any patches since the previous tag, perhaps? With the
official line being that all patches on the release branches are
carefully vetted and we recommend tracking the git branch if you can,
but this is easier for some downstream organizations so we offer this
as well.
with my distro hat on, yes I would appreciate this already a lot.
I'll consume these (and likely other distros will as well) as very
good anchor points.
It also leads to, say, a CVE be able to list "fixed in 2.26.5"
and everyone (and all more importantly, all tools that we all use
to cross reference our distros to CVE databases) will know if things
are already fixed, or if someone needs to take a look for a fix
to backport outside of the releases