[Koha-devel] Release unification: Security fixes and releases

Mirko Tietgen mirko at abunchofthings.net
Fri Aug 26 16:57:00 CEST 2016


Hello everyone,

can we maybe find a consistent way of labelling releases/ fixes
"security"?

All new releases contain XSS patches…

- 3.20 and 3.22 are labelled "security release" in the emails/
release notes
- 16.05 is not

- 16.05 and 3.20 list the fixes under the headline "Critical bugs/ Koha
- 3.22 as "Security bugs fixed" on top of the list

- 3.22 features "security" in the release notes headline (and so in
the URL in Wordpress)
- The others don't


The first question is probably…
- Is a security release only a special release in between the
regular schedule or
- is a security release everything that contains patches with
security fixes?

It seems to me that the second option is more common within the Koha
community and personally I'd prefer it. We should shout it at people
and make them upgrade.

To underline that intention, showing the security fixes separately
on top of the release notes makes sense to me.

I propose to…

- use the label "security release" in the release notes headline and
first paragraph (and Wordpress URL)
- mention number of security fixes separately
- display them under the headline "Security bugs fixed" on top of
the list

…whenever there are patches from "Koha security" in a release.

Basically that is what we have in the 3.22.10 release notes:
https://koha-community.org/koha-3-22-10-security-release/

Does that make sense? Any reasons not to do it? Is it harming
artistic freedom of RMaints? Would it complicate stuff a lot?

I think it would be a good thing to have some consistency here.

Cheers,

Mirko


--

Mirko Tietgen
mirko at abunchofthings.net
http://koha.abunchofthings.net
http://meinkoha.de

