[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen release cycle revisited

To: Juergen Gross <jgross@xxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Julien Grall <julien.grall@xxxxxxxxxx>
Date: Thu, 14 Dec 2017 11:28:58 +0000
Cc: Lars Kurth <lars.kurth@xxxxxxxxxx>, "committers@xxxxxxxxxxxxxx" <committers@xxxxxxxxxxxxxx>
Delivery-date: Thu, 14 Dec 2017 11:29:11 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>



On 14/12/17 07:56, Juergen Gross wrote:

Hi all,


Hi Juergen,

I would recommend to CC committers on that thread, so your thread don'tget lost in the xen-devel meanders :).

with 4.10 more or less finished it is time to plan for the next release
4.11. Since 4.7 we are using a 6 month release cycle [1] targeting to
release in June and December.

While this worked reasonably well for 4.7, 4.8 and 4.9 we had some
difficulties with 4.10: bad luck with security patch timing shifted the
4.10 release more towards mid of December. Doing thorough testing of the
latest security patches and trying to release at least 10 days before
Christmas seemed to be almost mutually exclusive goals.

So what do we learn from this experience?

1. Should we think about other planned release dates (e.g. May and
    November - would that collide with any holiday season)?

2. Shouldn't we have tried to include the latest security patches in
    4.10, resulting in the need for 4.10.1 at once?


I am not sure to understand this questions here.


3. Should we let the release slip for almost a month in such a case?

The problem is XSAs can happen at any time. Let's imagine we decided torelease in January, what if a new security was discovered duringchristmas? Are we going to slip the release again?


4. Should we try harder to negotiate embargo dates of security issues to
    match the (targeted) release dates?

Those 4 XSAs was first released under embargoed a couple of days beforethe targeted release dates.

The usual embargo period is 2 weeks. I think it would be difficult torequest a shorter embargo period because downstream product need time toapply/test the security fixes.


5. Should we modify the development/hardening periods?

For 4.11 we shouldn't have this problem: while targeted for releasing in
early June it wouldn't be a nightmare to let it slip into July. 4.12
however will probably face the same problem again and we should prepare
for that possibility.


Juergen

[1]: https://lists.xen.org/archives/html/xen-devel/2015-10/msg00263.html


Cheers,

--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] Xen release cycle revisited
  - From: Juergen Gross

References:
- [Xen-devel] Xen release cycle revisited
  - From: Juergen Gross

Prev by Date: Re: [Xen-devel] [PATCH 0/8] xen: add pvh guest support
Next by Date: Re: [Xen-devel] [PATCH 0/8] xen: add pvh guest support
Previous by thread: [Xen-devel] Xen release cycle revisited
Next by thread: Re: [Xen-devel] Xen release cycle revisited
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.