This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: 2.15 and 2.16 branch status, releases


On Wednesday 15 August 2012 16:30:44 Joseph S. Myers wrote:
> On Wed, 15 Aug 2012, Carlos O'Donell wrote:
> > On 8/15/2012 3:11 PM, Andreas Jaeger wrote:
> > > Carlos, do you want the fix on the 2.16 branch as well?
> > > 
> > > Andreas
> > 
> > Yes. Could you please file a new bug, keyword glibc_2.16 and ask for the
> > commit to backport?
> > 
> > I've been shirking my 2.15 and 2.16 release branch maintainer
> > responsibilities, but I plan to do a bunch of changes tomorrow
> > (Thursday) and having a list to work from makes it easy.
> 
> The strtod security fix (bug 14459, CVE-2012-3480) will also be
> appropriate for release branches once on master.  Do people think that
> security bug fixes should prompt making point releases of active release
> branches, to get the fixes out to users of release tarballs?  Would it
> make sense to have a list of CVEs for glibc and details of fixed versions
> / fix commits - would any of the people who made previous proposals
> regarding handling security bugs be interested in maintaining that sort of
> list?

if we have the CVE's readily available, i would just list them in the 
ChangeLog/NEWS file like we do with BZ #'s.  if we don't, then i wouldn't go 
out of my way to track these things down.  at the end of the day, i'm not sure 
listing these explicitly really adds that much useful information.

when it comes to branches, cherry picking makes sense.  as for pushing out a 
new point release immediately, i'm not sure we have to trip over ourselves to 
make it happen.  if a point release hasn't been made for some time, then it's 
probably a convenient sync point.  but if there's other things we plan on 
bringing in, then it's just as easy for distros to `git format-patch` a 
specific commit and apply it themselves ahead of time.
-mike
