MicroReleaseExceptions

Differences between revisions 1 and 15 (spanning 14 versions)
Revision 1 as of 2007-07-17 00:11:11
Size: 1013
Editor: sites
Comment: proposal from sprint
Revision 15 as of 2011-01-11 16:23:39
Size: 1524
Editor: 63
Comment: link to bzr policy discussion
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
'''This is a ''proposed'' change, and must be ratified by the Tech Board first.''' '''This was ratified by the Tech Board on 2007-08-14.'''
Line 5: Line 5:
 * Allow for an exception in SRUs to the "patch must be as small and unintrusive as possible" requirement for specific packages that meet the criteria:  * Allow for an exception in [[StableReleaseUpdates|SRU]]s to the "patch must be as small and unintrusive as possible" requirement for specific packages that meet the criteria:
Line 9: Line 9:
 * On a case-by-case basis, if the security team rates the chance of vulnerability exploitation greater than the chance of regression for a given update, it can skip SRU and go directly through the security queue.
  * The security team will have the responsibility to maintain and review the list of packages that are exceptions to the SRU rule, as well as approve package additions.
  * Existing de facto exceptions are:
   * firefox
   * mozilla-thunderbird, thunderbird
   * postgresql-8.1, postgresql-8.2		  * The [[TechnicalBoard|technical board]] will have the responsibility to maintain and review the list of packages that are exceptions to the SRU rule, as well as approve package additions.
  * Changes to the exception list must be brought to the TB via email (technical-board@lists.ubuntu.com). The request is expected to include justification against the above criteria.
  * Changes can be approved via any single TB member
 * Approved exceptions:
  * firefox
  * mozilla-thunderbird, thunderbird
  * postgresql-X.Y
  * clamav (approved on 2009-01-09)
  * bzr ([[https://lists.ubuntu.com/archives/technical-board/2010-September/000513.html|approved on 2010-09-21]]); [[https://lists.ubuntu.com/archives/technical-board/2010-December/000632.html|conditions]]: test suite running during package build from Ubuntu 11.04 on; SRU verification should run test suite in installed sytem
  * chromium-browser, chromium-codecs-ffmpeg, gyp (approved on 2010-11-02)
  * [[Kubuntu/UpdatesPolicy|KDE]] (approved on 2010-11-16)

This was ratified by the Tech Board on 2007-08-14.

SRU micro version update exception

  • Allow for an exception in SRUs to the "patch must be as small and unintrusive as possible" requirement for specific packages that meet the criteria:

    • upstream supports micro-version updates to stable releases
    • upstream has a sufficiently high level of regression testing for their stable releases
    • regression tests are enabled in the package's build

  • The technical board will have the responsibility to maintain and review the list of packages that are exceptions to the SRU rule, as well as approve package additions.

    • Changes to the exception list must be brought to the TB via email (technical-board@lists.ubuntu.com). The request is expected to include justification against the above criteria.

    • Changes can be approved via any single TB member
  • Approved exceptions:
    • firefox
    • mozilla-thunderbird, thunderbird
    • postgresql-X.Y
    • clamav (approved on 2009-01-09)

    • bzr (approved on 2010-09-21); conditions: test suite running during package build from Ubuntu 11.04 on; SRU verification should run test suite in installed sytem

    • chromium-browser, chromium-codecs-ffmpeg, gyp (approved on 2010-11-02)

    • KDE (approved on 2010-11-16)

StableReleaseUpdates/MicroReleaseExceptions (last edited 2015-09-29 16:25:28 by pitti)