Re: [DISCUSS] Releasing Beam in the presence of emergencies

2018-06-19 Thread Rafael Fernandez
Thanks all for the discussion. What I gather is: (1) Stating the obvious: our release practices and mechanisms match what I suggested we write down in a page. (That's great!) I heard no objections to affirming our adherence to ASF vulnerability policy. (2) There are details to be discussed furthe

Re: [DISCUSS] Releasing Beam in the presence of emergencies

2018-06-17 Thread Romain Manni-Bucau
Hi guys, If you take back this thread [1], then Beam will only support two branches and no others. On the shortcut release cycle, it is not really desired at Apache and not the normal process, so the 3-day vote is required but not a blocker IMHO. If really an issue the merge can be done quickly on

Re: [DISCUSS] Releasing Beam in the presence of emergencies

2018-06-16 Thread Ravi Prakash
Hi Beam-devs! There is also the consideration of which releases to fix. I am familiar with Apache Hadoop and there may be a "stable", "beta" and "alpha" release. Usually security fixes are ported to one or more of those branches. Cheers Ravi On Sat, Jun 16, 2018 at 2:43 PM, Kenneth Knowles wrot

Re: [DISCUSS] Releasing Beam in the presence of emergencies

2018-06-16 Thread Kenneth Knowles
I like the idea of explicitly affirming our use of the ASF Vulnerability Policy as well as listing other classes of bugs that are particularly critical for a project like Beam. I think the most valuable thing is having a clear and concise policy for users to understand at a glance. Then we can have

Re: [DISCUSS] Releasing Beam in the presence of emergencies

2018-06-16 Thread Chamikara Jayalath
While performing a patch release is the correct approach for critical fixes, I think there are still several points that we might want to discuss and formalize/document if needed. (1) What if there's an ongoing major/minor version release? I think patch releases should be independent of any ong

Re: [DISCUSS] Releasing Beam in the presence of emergencies

2018-06-14 Thread Jean-Baptiste Onofré
Hi Rafael, It's a good point but I don't see anything more to do on our side: if an emergency issue is detected, then we have to address it and release a fix release (x.y.z where z is the specific release fixing the issue). The commitment is a best effort as in all communities: if an emergency issue i

Re: [DISCUSS] Releasing Beam in the presence of emergencies

2018-06-14 Thread Ahmet Altay
Thank you Rafael. I think it is a good idea to include our commitment, including concrete steps, on our website. This would make it easier for enterprise users to choose Beam. Even though this is already partially Apache policy and there is precedent in our project with the 2.1.1 release, increasing t