Hi Jeremy, That's a good point. In practice, we recently did a security release for 3.10, despite the fact that it was technically 5 months past its official security EOL. To me, it sounds like a good discussion topic for a future dev meeting <https://wiki.evergreen-ils.org/doku.php?id=dev:meetings>, would you be interested in putting it on an agenda and introducing the topic, Jeremy?
I haven't heard anybody say that they need more bug fix 3.11 releases after this one, so we're currently building 3.11.7 with the assumption that it will be the last bugfix release in the series, and that it will be security-only after this. Thanks, -Jane El jue, 11 jul 2024 a la(s) 7:44 a.m., Murray, Jeremy B ( [email protected]) escribió: > I think it seems odd to have 1 year of general fixes and only 3 additional > months for security fixes. Ideally, I would prefer to see security fixes > extended to 6 months, especially for those who upgrade yearly on a specific > schedule that might not match up completely with Evergreen’s release > schedule. > > > > In practice, if a new vulnerability is discovered and enough of us are > just beyond the security fix EOL, I imagine we’d still backport the fix. > > > > > > *Jeremy Murray* > Evergreen Indiana System Administrator > > MIS Supervisor > > *Management Information Services* > > Indiana State Library > > > > *From:* Evergreen-dev <[email protected]> *On > Behalf Of *Jane Sandberg via Evergreen-dev > *Sent:* Thursday, July 11, 2024 10:22 AM > *To:* Evergreen Development Discussion List < > [email protected]> > *Subject:* [Evergreen-dev] Can we make 3.11.7 the last 3.11 release? > > > > **** This is an EXTERNAL email. Exercise caution. DO NOT open attachments > or click links from unknown senders or unexpected email. **** > ------------------------------ > > Hi all, > > > > According to this wiki pag > <https://protect2.fireeye.com/v1/url?k=31323334-50bba2bf-31367a34-4544474f5631-e51a3f1bddb1dcab&q=1&e=85966b7f-41b5-4272-aade-6ba283ad7c3c&u=https%3A%2F%2Fwiki.evergreen-ils.org%2Fdoku.php%3Fid%3Ddev%3Arelease_process%3Aschedule%26s%5B%5D%3Dreleases>e, > 3.11 met its end of life for general bug fixes in May. There are bug fixes > that have been pushed to rel_3_11, we've missed some monthly releases, and > 3.11.7 has already been announced -- so I'm okay with us still putting out > a 3.11 bugfix release next week. > > > > But is it okay to call it done for the 3.11 series after this? Of course, > we could still do a security release for the 3.11 series if needed. > > > > What do you think? > > > > -Jane >
_______________________________________________ Evergreen-dev mailing list [email protected] http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-dev
