On 12/09/2011 06:55 AM, Andreas Färber wrote:
Am 05.12.2011 21:08, schrieb Justin M. Forbes:
Typically I get a flurry of patches shortly after
a release (and they have already started for 1.0). I have tried to get
a .1 release out in a timely manner, and then it seems patches for
stable become few and far between. In the 0.14 and 0.15 series, not
even enough to warrant a .2 release. Perhaps this is due to lack fixed
issues, or lack of effort to submit to stable.
3) Security fixes do not follow this schedule, and will trigger a stable
release as needed.
I would've thought that the usb-ccid CVE alone warrants a 0.15.2 of qemu
and qemu-kvm. I am surprised nothing has happened there yet...
http://patchwork.ozlabs.org/patch/128064/
We don't have a clear EOL schedule for stable releases. Historically, stable
releases only lasted until the next release cycle so in by that logic, 0.15 is EOL.
Obviously, part of creating a regular cadence for stable releases and getting
more people involved is to formalize this all quite a bit more.
Regards,
Anthony Liguori
Andreas