On Tue, Dec 8, 2015 at 1:26 PM, Julien Pauli <jpa...@php.net> wrote: > On Tue, Dec 8, 2015 at 1:04 PM, Remi Collet <r...@php.net> wrote: > > Le 08/12/2015 12:36, Anatol Belski a écrit : > >> Yeah, particularly our release schedule collides with many holidays > this year. For a security release a holiday time is obviously very bad. > > > > +1 > > > > Our Release Process state: > > > > " At least one release per month, more at wish " > > > > Perhaps we should consider new release on > > > > " 1st thursday of the month " > > > > (It seems every year, Christmas is end of month ;) > > > Yep, end of year has always collided with our release cycle. > > Perhaps we should change this latter as proposed by Remi ? > > > Also, we had another idea. > > Why not use RC2 as a chance for some security patches to get tested ? > If we have a RC2 (which is not bad IMO, we have a time slice here at > end of 2015 that enables us to release an RC2) , we then could merge > into this one some well-selected security patches, f.e, some that are > *low* classified , aka that can't get trigerred remotely by user > payload. > > What you think ? > > CCing Stas as well, as he got many experience in security. > > > Julien.P >
we are just iterating by two weeks which makes the monthly release not monthly but every 28 days, which is fine but that also means that sometimes the release dates are not always at the same date on each month (stating the obvious). I think that there is no better alternative, we just have to handle the exceptional cases. As we seem to have security fixes (and unfortunatelly at least one of those were directly pushed by laruance so now it is public information) maybe we should release it one week earlier (cutting the RC period one week shorter) instead of delaying it until january?
