Upcoming Releases Schedule...
Jo Rhett
jrhett at netconsonance.com
Tue Sep 23 00:05:55 UTC 2008
On Sep 22, 2008, at 1:32 PM, Robert Watson wrote:
> Long answer: we're under-manned for our current commitments, and
> have seen longer advisory cycles than we would like. My guess is
> that we could eat the first 25% of a person just catching up on
> current obligations so as to reduce latency on advisories, handle
> back-analysis of reports that don't appear to be vulnerabilities but
> we'd like to be sure, etc.
>
> Another hand-wave: 50%-75% of a person would allow us to move into
> extending our obligations as well as put more resources into
> proactive work. You don't have to be on the security team to work
> on security work (and many people who do aren't), but certainly one
> obligation that comes with being on the team is to try to
> proactively address vulnerability classes and improve infrastructure
> for issuing advisories, providing updates, etc.
>
> All hand-waving, understand. Depends a lot on the person, the
> season (reports don't arrive at a constant rate), etc.

Thanks for the detail, and I think we all understand the necessary
vagueness. Is "a person" 40 hours a week? So if I could commit 10
hours a week, I'm 1/4 of a person in this context?

(assuming there was enough trust/etc that I could even do the work --
just for discussion)

> Tricky balance -- if you cut a major release every 18-24 months, you
> have a 24-month support cycle on the final point release on each
> branch, and you continue to release minor releases after the .0 of
> the next branch in order to allow .0's to settle for a bit before
> forcing migration forward, it's hard not to end up in the many-
> branch support game.
>

That's true. I've never been a huge fan of "release often" in
production systems ;-)

That being said, I was working on Debian when they went through the
Woody/Sarge era, and frankly I think that distinct production/
development tracks work even less well so it's not like I have useful
advice here ;-)

--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
More information about the freebsd-stable mailing list