[Releasing] Security release process

[Heikkinen Jani]

Hi all,

There seems to be discussion in irc related to security patch for 5.1.1. For me there is couple of issues a bit unclear


1.      What is that security issue to be fixed? I haven't notice any request etc related it?



2.      What is the problem there. If we need to offer (or even release) security fix for 5.1.1 and call it 5.1.2 (5.1.1 + just that security fix) it should be pretty straight forward: current release branch is 5.1.1  so just add that one change there and re-tag it. Then we will have that 5.1.2 in official release branch and users can take it if needed. And we can even release it ( of course we don't want to do it now but still it is possible). I have read mails related to these old/5.0 or old/5.1 branches and to be honest I don't fully understood role of those. I understood that those are used to integrate important fixes on to top of those old releases but still those aren't official release branches at all. So those shouldn't affect anything for our releasing process, right? If we have to "launch" (tag) security release 5.1.2, it will be done from official release branch by just adding that one fix there, tag it to 5.1.2 and that's it? And of course add that fix for those old/5.0 or old/5.1 branches as well. Then users can either use official 5.1.2 "release" or use unofficial version from old/5.1 branch and everybody should be happy, right?


Br,
Jani

------------------------------------------------------------------
Jani Heikkinen
Release Manager

Digia Plc
Elektroniikkatie 10, FI 90590 Oulu Finland


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/releasing/attachments/20131108/d5096f0b/attachment.html>