On 02/18/2017 08:14 AM, Johnny Hughes wrote:
On 02/17/2017 02:32 PM, Kevin Stange wrote:
Given the circumstances, might it make sense to offer formal advisories of some type for these to indicate when the packages going to live are for security or other reasons?
We release xen every 2nd (even numbered) release as a goal (4.4, 4.6, 4.8)
We don't normally release anything other than security updates. This is a SIG that requires community participation .. so far, George Dunlap and I are really the only people contributing.
What I mean is .. other than the base release in a major version (so the first 4.6 release), the follow on updates all happen as the result of an XSA from the list.
It is certainly possible that we COULD release a bugfix update at some point, but if you look at my git repo:
https://github.com/hughesjr/xen
There is a xen-44 and a xen-46 branch .. you can see all the change and why from there. If you look, almost all of them are for XSAs.
<snip>