Return-Path: X-Original-To: apmail-corinthia-dev-archive@minotaur.apache.org Delivered-To: apmail-corinthia-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E594C17980 for ; Tue, 3 Feb 2015 16:07:07 +0000 (UTC) Received: (qmail 63190 invoked by uid 500); 3 Feb 2015 16:07:08 -0000 Delivered-To: apmail-corinthia-dev-archive@corinthia.apache.org Received: (qmail 63164 invoked by uid 500); 3 Feb 2015 16:07:08 -0000 Mailing-List: contact dev-help@corinthia.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@corinthia.incubator.apache.org Delivered-To: mailing list dev@corinthia.incubator.apache.org Received: (qmail 63141 invoked by uid 99); 3 Feb 2015 16:07:05 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Feb 2015 16:07:05 +0000 X-ASF-Spam-Status: No, hits=1.0 required=5.0 tests=SPF_SOFTFAIL X-Spam-Check-By: apache.org Received-SPF: softfail (nike.apache.org: transitioning domain of dennis.hamilton@acm.org does not designate 216.234.124.50 as permitted sender) Received: from [216.234.124.50] (HELO barracuda.supercp.com) (216.234.124.50) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Feb 2015 16:06:40 +0000 X-ASG-Debug-ID: 1422979580-08c1cb0f9f28df750001-KCmPzH Received: from a2s42.a2hosting.com (a2s42.a2hosting.com [216.119.133.2]) by barracuda.supercp.com with ESMTP id fpxnhw5StsDHVaVg for ; Tue, 03 Feb 2015 11:06:20 -0500 (EST) X-Barracuda-Envelope-From: dennis.hamilton@acm.org X-Barracuda-Apparent-Source-IP: 216.119.133.2 Received: from 75-165-123-152.tukw.qwest.net ([75.165.123.152]:32962 helo=Astraendo2) by a2s42.a2hosting.com with esmtpa (Exim 4.82) (envelope-from ) id 1YIfzW-002ULB-DE for dev@corinthia.incubator.apache.org; Tue, 03 Feb 2015 11:06:19 -0500 Reply-To: From: "Dennis E. Hamilton" To: Subject: Support Policies for Corinthia releases Date: Tue, 3 Feb 2015 08:06:17 -0800 X-ASG-Orig-Subj: Support Policies for Corinthia releases Organization: NuovoDoc Message-ID: <002f01d03fcb$58cdaed0$0a690c70$@acm.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 15.0 Thread-Index: AdA/x5jJx9LEl1mhQDCXXBR6H10JPA== Content-Language: en-us X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - a2s42.a2hosting.com X-AntiAbuse: Original Domain - corinthia.incubator.apache.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - acm.org X-Get-Message-Sender-Via: a2s42.a2hosting.com: authenticated_id: himself+orcmid.com/only user confirmed/virtual account not confirmed X-Barracuda-Connect: a2s42.a2hosting.com[216.119.133.2] X-Barracuda-Start-Time: 1422979580 X-Barracuda-URL: https://216.234.124.50:443/cgi-mod/mark.cgi Received-SPF: softfail (supercp.com: domain of transitioning dennis.hamilton@acm.org does not designate 75.165.123.152 as permitted sender) X-Virus-Scanned: by bsmtpd at supercp.com X-Barracuda-BRTS-Status: 1 X-Barracuda-Spam-Score: 0.00 X-Barracuda-Spam-Status: No, SCORE=0.00 using per-user scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=4.0 KILL_LEVEL=5.0 tests=BSF_SPF_SOFTFAIL X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.14900 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.00 BSF_SPF_SOFTFAIL Custom Rule SPF Softfail X-Virus-Checked: Checked by ClamAV on apache.org I was just pointed to this interesting post about depth of support for = released artifacts: . That article links to an interesting problem about the GHOST exploit = against a vulnerability in glibc, . It strikes me that it is important that any support policy be explicit. = That is, when does/will support for a version end, what exceptions might = there be, and for how long. It is also important to have an effective way for downstream users to = know when the support life is/will end for a given release or related = binaries, and to be able to know when a new release provides critical = updates that may impact their usage. Some creativity may be needed for = accomplishing effective notifications. - Dennis THINKING OUT LOUD There can be two factors in this. Releases that repair serious defects, = such as crashers, data corruption, and security vulnerabilities my = involve fixes to Corinthia source codes. They may involve dependencies = in convenience binaries where the defect in the dependency extends into = Corinthia. =20 Even though the replacement of a dependency version may be a minor = change in the Corinthia code base, it may be appropriate to do a release = and make new convenience binaries for built libraries and executables = that the dependency is bolted into that code. This support-life = business should perhaps be a factor in deciding exactly what convenience = binaries the project is willing to provide and support. I think we need to be clear about what level of release versions counts = with respect to the aging policy. Going from m.n.p to m.n.(p+1) = probably should not (assuming a "semantic versioning" practice). Going = from m.n.* to m.(n+1).* probably should count as a version step in terms = of any support assurance. If the policy is to extend support two back, = it would be at that m.* level. When there is a change at the m level, = One might support the previous two releases for a longer time because of = the m+1 changes being so significant, especially if there is a change in = system requirements. -- Dennis E. Hamilton orcmid@apache.org dennis.hamilton@acm.org +1-206-779-9430 https://keybase.io/orcmid PGP F96E 89FF D456 628A X.509 certs used and requested for signed e-mail