I think it seems odd to have 1 year of general fixes and only 3 additional months for security fixes. Ideally, I would prefer to see security fixes extended to 6 months, especially for those who upgrade yearly on a specific schedule that might not match up completely with Evergreen’s release schedule.
In practice, if a new vulnerability is discovered and enough of us are just beyond the security fix EOL, I imagine we’d still backport the fix. Jeremy Murray Evergreen Indiana System Administrator MIS Supervisor Management Information Services Indiana State Library From: Evergreen-dev <[email protected]> On Behalf Of Jane Sandberg via Evergreen-dev Sent: Thursday, July 11, 2024 10:22 AM To: Evergreen Development Discussion List <[email protected]> Subject: [Evergreen-dev] Can we make 3.11.7 the last 3.11 release? **** This is an EXTERNAL email. Exercise caution. DO NOT open attachments or click links from unknown senders or unexpected email. **** ________________________________ Hi all, According to this wiki pag<https://protect2.fireeye.com/v1/url?k=31323334-50bba2bf-31367a34-4544474f5631-e51a3f1bddb1dcab&q=1&e=85966b7f-41b5-4272-aade-6ba283ad7c3c&u=https%3A%2F%2Fwiki.evergreen-ils.org%2Fdoku.php%3Fid%3Ddev%3Arelease_process%3Aschedule%26s%5B%5D%3Dreleases>e, 3.11 met its end of life for general bug fixes in May. There are bug fixes that have been pushed to rel_3_11, we've missed some monthly releases, and 3.11.7 has already been announced -- so I'm okay with us still putting out a 3.11 bugfix release next week. But is it okay to call it done for the 3.11 series after this? Of course, we could still do a security release for the 3.11 series if needed. What do you think? -Jane
_______________________________________________ Evergreen-dev mailing list [email protected] http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-dev
