[Evergreen-dev] Can we make 3.11.7 the last 3.11 release?

Jane Sandberg sandbergja at gmail.com
Thu Jul 18 09:36:48 EDT 2024 

Hi Jeremy,

That's a good point.  In practice, we recently did a security release for
3.10, despite the fact that it was technically 5 months past its official
security EOL.  To me, it sounds like a good discussion topic for a future dev
meeting <https://wiki.evergreen-ils.org/doku.php?id=dev:meetings>, would
you be interested in putting it on an agenda and introducing the
topic, Jeremy?

I haven't heard anybody say that they need more bug fix 3.11 releases after
this one, so we're currently building 3.11.7 with the assumption that it
will be the last bugfix release in the series, and that it will be
security-only after this.

Thanks,

   -Jane

El jue, 11 jul 2024 a la(s) 7:44 a.m., Murray, Jeremy B (
JMurray at library.in.gov) escribió:

> I think it seems odd to have 1 year of general fixes and only 3 additional
> months for security fixes.  Ideally, I would prefer to see security fixes
> extended to 6 months, especially for those who upgrade yearly on a specific
> schedule that might not match up completely with Evergreen’s release
> schedule.
>
>
>
> In practice, if a new vulnerability is discovered and enough of us are
> just beyond the security fix EOL, I imagine we’d still backport the fix.
>
>
>
>
>
> *Jeremy Murray*
> Evergreen Indiana System Administrator
>
> MIS Supervisor
>
> *Management Information Services*
>
> Indiana State Library
>
>
>
> *From:* Evergreen-dev <evergreen-dev-bounces at list.evergreen-ils.org> *On
> Behalf Of *Jane Sandberg via Evergreen-dev
> *Sent:* Thursday, July 11, 2024 10:22 AM
> *To:* Evergreen Development Discussion List <
> evergreen-dev at list.evergreen-ils.org>
> *Subject:* [Evergreen-dev] Can we make 3.11.7 the last 3.11 release?
>
>
>
> **** This is an EXTERNAL email. Exercise caution. DO NOT open attachments
> or click links from unknown senders or unexpected email. ****
> ------------------------------
>
> Hi all,
>
>
>
> According to this wiki pag
> <https://protect2.fireeye.com/v1/url?k=31323334-50bba2bf-31367a34-4544474f5631-e51a3f1bddb1dcab&q=1&e=85966b7f-41b5-4272-aade-6ba283ad7c3c&u=https%3A%2F%2Fwiki.evergreen-ils.org%2Fdoku.php%3Fid%3Ddev%3Arelease_process%3Aschedule%26s%5B%5D%3Dreleases>e,
> 3.11 met its end of life for general bug fixes in May.  There are bug fixes
> that have been pushed to rel_3_11, we've missed some monthly releases, and
> 3.11.7 has already been announced -- so I'm okay with us still putting out
> a 3.11 bugfix release next week.
>
>
>
> But is it okay to call it done for the 3.11 series after this?  Of course,
> we could still do a security release for the 3.11 series if needed.
>
>
>
> What do you think?
>
>
>
>   -Jane
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.evergreen-ils.org/pipermail/evergreen-dev/attachments/20240718/c5297f6e/attachment.htm>

More information about the Evergreen-dev mailing list