oliver IIUC you are on the cert list, there are two specific examples that are guiding my thinking at present. I will send the references out of band.
The security fixes are typically prepared in advance for this reason and pushed to every branch at the same time to minimize exposure. If we do not do the concurrent releases then LTS becomes vulnerable. On 15 September 2015 at 11:58, oliver gondža <[email protected]> wrote: > On Tue, 15 Sep 2015 12:39:36 +0200, Stephen Connolly > <[email protected]> wrote: > >> My view is that fixing the security hole trumps backwards >> compatibility, > > > Personally I disagree, especially as SECURITY issues are merged into LTS as > they are now. LTS users choose stability and their vulnerabilities as > disclosed as rapidly as those of weekly release users. I do not think it > provides enough time to evaluate possible impact of such invasive fixes. > > I lean towards preserving backward compatibility (in SECURITY fix) or at > least making the fix optional if breakage is inevitable. > > -- > oliver > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/op.x4z3g0gjsbfict%40arch. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CA%2BnPnMw9fi%2BgUe1vLY%2B0NcHc71tDy2NKAdZU%3D7Jad9PmW2k7pg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
