Release unification: Security fixes and releases
Hello everyone, can we maybe find a consistent way of labelling releases/ fixes "security"? All new releases contain XSS patches… - 3.20 and 3.22 are labelled "security release" in the emails/ release notes - 16.05 is not - 16.05 and 3.20 list the fixes under the headline "Critical bugs/ Koha - 3.22 as "Security bugs fixed" on top of the list - 3.22 features "security" in the release notes headline (and so in the URL in Wordpress) - The others don't The first question is probably… - Is a security release only a special release in between the regular schedule or - is a security release everything that contains patches with security fixes? It seems to me that the second option is more common within the Koha community and personally I'd prefer it. We should shout it at people and make them upgrade. To underline that intention, showing the security fixes seperately on top of the release notes makes sense to me. I propose to… - use the label "security release" in the release notes headline and first paragraph (and Wordpress URL) - mention number of security fixes seperately - display them under the headline "Security bugs fixed" on top of the list …whenever there are patches from "Koha security" in a release. Basically that is what we have in the 3.22.10 release notes: https://koha-community.org/koha-3-22-10-security-release/ Does that make sense? Any reasons not to do it? Is it harming artistic freedom of RMaints? Would it complicate stuff a lot? I think it would be a good thing to have some consistency here. Cheers, Mirko -- Mirko Tietgen mirko@abunchofthings.net http://koha.abunchofthings.net http://meinkoha.de
I propose to…
- use the label "security release" in the release notes headline and first paragraph (and Wordpress URL) - mention number of security fixes seperately - display them under the headline "Security bugs fixed" on top of the list
…whenever there are patches from "Koha security" in a release.
It seems that Julian do it this way with 3.20 branch. For 16.05, I use a script which generates automatically release notes. This script doesn't distinguish "security" patches from others. The script could be modified of course. I'd be curious to know how Julian creates his release notes, automatically or by hand, or a mix. Kind regards, -- Frédéric DEMIANS http://www.tamil.fr/fdemians
On 26/08/2016 17:41, Frédéric Demians wrote:
I propose to…
- use the label "security release" in the release notes headline and first paragraph (and Wordpress URL) - mention number of security fixes seperately - display them under the headline "Security bugs fixed" on top of the list
…whenever there are patches from "Koha security" in a release.
It seems that Julian do it this way with 3.20 branch.
For 16.05, I use a script which generates automatically release notes. This script doesn't distinguish "security" patches from others. The script could be modified of course. I'd be curious to know how Julian creates his release notes, automatically or by hand, or a mix.
Kind regards,
I believe I use the same script as you, but I make some minor changes by hand -- Julian Maurice <julian.maurice@biblibre.com> BibLibre
If there is a consensus on this point, I can modify the script which generates release notes in order to have the notes the way Julian formats them.
+1 - I think highlighting the security fixes on top is a good idea.
If there is a consensus on this point, I can modify the script which generates release notes in order to have the notes the way Julian formats them. _______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
participants (4)
-
Frédéric Demians -
Julian Maurice -
Katrin Fischer -
Mirko Tietgen