Hi Eder, For [1]: If there are not reliable GitHub Actions, we cannot address CVE in any way. So to be able to build a release with a CVE fix, we need to have a build system capable of doing builds. For that is my proposal, to start having that. For [2]: If someone doesn't follow any communication channels, there is no possibility to let them know that something is happening. For those on our current communication channels, it would be good to communicate the plan around migrating the CI system, when we have an agreement.
Best regards, Tibor On Thu, Sep 21, 2023 at 2:39 PM Eder Ignatowicz <[email protected]> wrote: > Tibor, some replies inline: > > On Thu, Sep 21, 2023 at 8:29 AM Tibor Zimányi <[email protected]> > wrote: > > > Hi Eder, > > > > thank you for your reply. I understand the concerns. It was expected that > > during the migration, there will not be possible to build community > > releases for an unknown amount of time. That is why I wrote my proposal - > > to start unblocking the releases in small iterations. > > > > OK, so from your point of view, if we are not going to do a release > for some time, how do you propose to address both points? > > [1] What do we do if a CVE appears for one of those artifacts, and we need > to do a release promptly? > [2] How do we communicate to the community that we will not release any > artifacts in the following weeks? How to don't look stale for the broad > community that doesn't follow us on our lists and just use our artifacts > via VS Code store, Chrome store etc.? > > > Best > > Eder > -- Tibor Zimanyi
