+1. If we want to take our release quality seriously then I think this would be a great policy to have.
> On Feb 15, 2022, at 8:09 AM, Josh McKenzie <jmcken...@apache.org> wrote: > > > On the release thread for 4.0.2 Jeremiah brought up a point about hotfix > releases and CI: > https://lists.apache.org/thread/7zc22z5vw5b58hdzpx2nypwfzjzo3qbr > >> If we are making this release for a security incident/data loss/hot fix >> reason, then I would expect to see the related change set only containing >> those patches. But the change set in the tag here the latest 4.0-dev commits. > > I'd like to propose that in the future, regardless of the state of CI, if we > need to cut a hotfix release we do so from the previous released SHA + only > the changes required to address the hotfix to minimally impact our end users > and provide them with as minimally disruptive a fix as possible.
