mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 13:45:38 +00:00
docs: mention maintenance branches
Mitre tried to assign us two separate CVEs for the fix for https://bugzilla.redhat.com/show_bug.cgi?id=1047577, on the grounds that the fixes were separated by more than an hour and thus triggered different hourly snapshots. But we explicitly do NOT want to treat transient security bugs as CVEs if they can only be triggered by patches in libvirt.git but where the problem is cleaned up before a formal release. Meanwhile, I noticed that while our wiki mentioned maintenance branches and releases, our formal documentation did not. * docs/downloads.html.in: Contrast hourly snapshots with maintenance branches. Signed-off-by: Eric Blake <eblake@redhat.com>
This commit is contained in:
parent
e8eb8d8497
commit
908903b317
@ -22,7 +22,9 @@
|
||||
<p>
|
||||
Once an hour, an automated snapshot is made from the git server
|
||||
source tree. These snapshots should be usable, but we make no guarantees
|
||||
about their stability:
|
||||
about their stability; furthermore, they should NOT be
|
||||
considered formal releases, and they may have transient security
|
||||
problems that will not be assigned a CVE.
|
||||
</p>
|
||||
|
||||
<ul>
|
||||
@ -30,6 +32,28 @@
|
||||
<li><a href="http://libvirt.org/sources/libvirt-git-snapshot.tar.gz">libvirt.org HTTP server</a></li>
|
||||
</ul>
|
||||
|
||||
<h2><a name="maintenance">Maintenance releases</a></h2>
|
||||
<p>
|
||||
In the git repository are several stable maintenance branches,
|
||||
matching the
|
||||
pattern <code>v<i>major</i>.<i>minor</i>.<i>micro</i>-maint</code>;
|
||||
these branches are forked off the corresponding
|
||||
<code>v<i>major</i>.<i>minor</i>.<i>micro</i></code> formal
|
||||
release, and may have further releases of the
|
||||
form <code>v<i>major</i>.<i>minor</i>.<i>micro</i>.<i>rel</i></code>.
|
||||
These maintenance branches should only contain bug fixes, and no
|
||||
new features, backported from the master branch, and are
|
||||
supported as long as at least one downstream distribution
|
||||
expresses interest in a given branch. These maintenance
|
||||
branches are considered during CVE analysis.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
For more details about contents of maintenance releases, see
|
||||
<a href="http://wiki.libvirt.org/page/Maintenance_Releases">the
|
||||
wiki page</a>.
|
||||
</p>
|
||||
|
||||
<h2><a name="git">GIT source repository</a></h2>
|
||||
|
||||
<p>
|
||||
|
Loading…
Reference in New Issue
Block a user