On Sat, Oct 31, 2015 at 02:20:22PM +0000, Adam D. Barratt wrote: > On Sun, 2015-06-14 at 11:52 +0200, Kurt Roeckx wrote: > > On Sun, Jun 14, 2015 at 12:22:52PM +1000, Julien Cristau wrote: > > > Is the policy for what gets included in the stable branches described > > > somewhere? > > > > It's documented at: > > https://www.openssl.org/about/releasestrat.html > > > > > What kind of automated or manual regression (or other) > > > testing is done on the stable branches? > > > > We have a test suite. It does test a lot of the functionality, > > but no test suite is perfect. > > Is it run manually or automatically? How frequently?
We're currently using things like travis, including on the stable braches, see: https://travis-ci.org/openssl/openssl/branches (The 0.9.8 branch isn't really supported anymore, not sure if someone will bother fixing the targets that fail in that branch.) We've also had other people (Cisco) do it regularly but I'm not sure which branches are covered there. We also have things like coverity specially for the release branch. I'm not sure if other such tools get run on regular basis. > > > What rate of changes are we talking about? > > > > There have been about 300 commits so far this year in the > > OpenSSL_1_0_1-stable branch, so averging about 2 per day. > > Are any other distributions following the upstream branches directly? > From a quick look, Ubuntu Trusty (which is the LTS released after > Wheezy) still appears to contain 1.0.1f. I really have no idea, but I don't think so. Kurt
