git@vger.kernel.org list mirror (unofficial, one of many)
 help / color / Atom feed
* Git stable releases
@ 2020-05-14 20:25 John Carlissi
  2020-05-22 15:32 ` John Carlissi
  2020-05-24 16:26 ` Junio C Hamano
  0 siblings, 2 replies; 5+ messages in thread
From: John Carlissi @ 2020-05-14 20:25 UTC (permalink / raw)
  To: git

I noticed that with 2.16.6 development stopped whereas with the latest
security update, everything 2.17 and newer got the fix. Is there any
formal definition as to when a minor version is EOL and no longer gets
security updates?
Thanks!

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Git stable releases
  2020-05-14 20:25 Git stable releases John Carlissi
@ 2020-05-22 15:32 ` John Carlissi
  2020-05-22 16:54   ` Elijah Newren
  2020-05-24 16:26 ` Junio C Hamano
  1 sibling, 1 reply; 5+ messages in thread
From: John Carlissi @ 2020-05-22 15:32 UTC (permalink / raw)
  To: git

On Thu, May 14, 2020 at 4:25 PM John Carlissi <johncarlissi@gmail.com> wrote:
>
> I noticed that with 2.16.6 development stopped whereas with the latest
> security update, everything 2.17 and newer got the fix. Is there any
> formal definition as to when a minor version is EOL and no longer gets
> security updates?
> Thanks!

Does the silence mean there is no formal definition or did this
message just get lost in the pile?

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Git stable releases
  2020-05-22 15:32 ` John Carlissi
@ 2020-05-22 16:54   ` Elijah Newren
  2020-05-22 21:06     ` John Carlissi
  0 siblings, 1 reply; 5+ messages in thread
From: Elijah Newren @ 2020-05-22 16:54 UTC (permalink / raw)
  To: John Carlissi; +Cc: Git Mailing List

On Fri, May 22, 2020 at 8:38 AM John Carlissi <johncarlissi@gmail.com> wrote:
>
> On Thu, May 14, 2020 at 4:25 PM John Carlissi <johncarlissi@gmail.com> wrote:
> >
> > I noticed that with 2.16.6 development stopped whereas with the latest
> > security update, everything 2.17 and newer got the fix. Is there any
> > formal definition as to when a minor version is EOL and no longer gets
> > security updates?
> > Thanks!
>
> Does the silence mean there is no formal definition or did this
> message just get lost in the pile?

These mails from the maintainer may be of interest to you, though I
think they lean towards there being no formal definition:

https://lore.kernel.org/git/xmqqwo5luj6r.fsf@gitster.c.googlers.com/

https://lore.kernel.org/git/xmqq8t8bvz6x.fsf@gitster-ct.c.googlers.com/

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Git stable releases
  2020-05-22 16:54   ` Elijah Newren
@ 2020-05-22 21:06     ` John Carlissi
  0 siblings, 0 replies; 5+ messages in thread
From: John Carlissi @ 2020-05-22 21:06 UTC (permalink / raw)
  To: git

On Fri, May 22, 2020 at 12:55 PM Elijah Newren <newren@gmail.com> wrote:
>
> These mails from the maintainer may be of interest to you, though I
> think they lean towards there being no formal definition:
>
> https://lore.kernel.org/git/xmqqwo5luj6r.fsf@gitster.c.googlers.com/
>
> https://lore.kernel.org/git/xmqq8t8bvz6x.fsf@gitster-ct.c.googlers.com/

Thank you for those links.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Git stable releases
  2020-05-14 20:25 Git stable releases John Carlissi
  2020-05-22 15:32 ` John Carlissi
@ 2020-05-24 16:26 ` Junio C Hamano
  1 sibling, 0 replies; 5+ messages in thread
From: Junio C Hamano @ 2020-05-24 16:26 UTC (permalink / raw)
  To: John Carlissi; +Cc: git

John Carlissi <johncarlissi@gmail.com> writes:

> I noticed that with 2.16.6 development stopped whereas with the latest
> security update, everything 2.17 and newer got the fix. Is there any
> formal definition as to when a minor version is EOL and no longer gets
> security updates?

Nothing formal, but I try not to give a false sense of security by
backmerging a fix to maintenance tracks that are too old.  Unless
a "fix" is quite trivial, it always risks introducing new bugs,
given that most developers and testers work on the more modern
codebase.  A call to a helper that is made to "fix" an issue may be
safe in today's codebase, but the same helper in the ancient
maintenance track may not have been updated to match what the new
callsite expects it to do, for example.

Limiting backmerging also is a way to encourage people to update to
the latest major releases.

I currently aim to limit to at most four or five of maintenance
tracks.  Each development cycle usually lasts for 8-10 weeks, so
that means the shelf life of a major release is about 8 months at
the most---but sometimes people get greedy and demand backmerging to
way older tracks.  The last one for 2.17.x track was an example.

Of course, the above does not mean distro packagers and managers of
platform specific ports are not allowed to backport the fixes to
older codebase than I cut "official" maitenance releases for.


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, back to index

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-14 20:25 Git stable releases John Carlissi
2020-05-22 15:32 ` John Carlissi
2020-05-22 16:54   ` Elijah Newren
2020-05-22 21:06     ` John Carlissi
2020-05-24 16:26 ` Junio C Hamano

git@vger.kernel.org list mirror (unofficial, one of many)

Archives are clonable:
	git clone --mirror https://public-inbox.org/git
	git clone --mirror http://ou63pmih66umazou.onion/git
	git clone --mirror http://czquwvybam4bgbro.onion/git
	git clone --mirror http://hjrcffqmbrq6wope.onion/git

Example config snippet for mirrors

Newsgroups are available over NNTP:
	nntp://news.public-inbox.org/inbox.comp.version-control.git
	nntp://ou63pmih66umazou.onion/inbox.comp.version-control.git
	nntp://czquwvybam4bgbro.onion/inbox.comp.version-control.git
	nntp://hjrcffqmbrq6wope.onion/inbox.comp.version-control.git
	nntp://news.gmane.io/gmane.comp.version-control.git

 note: .onion URLs require Tor: https://www.torproject.org/

AGPL code for this site: git clone https://public-inbox.org/public-inbox.git