The project discussed this several years ago as well as adding LTS brances but ultimately decided against it due to the maintenance costs and burdens placed on owners. Not sure what has changed since security is always changing and evolving.
I have so many commits I have yet to get commited because I am constantly
playing catchup with the new releases.
I would recommend to any and all contributors to submit commits regardless of where in the release cycle things are. Breaking commits up into small manageable PRs means that over time there won't be a need to catchup. Otherwise, the time between catching up and release will ultimately become unmanageable.
On Wed, Sep 4, 2019 at 10:11 AM Trey Henefield trey.henefield@ultra-ats.com wrote:
I second that idea. Along with a release schedule.
I have so many commits I have yet to get commited because I am constantly playing catchup with the new releases.
Best regards,
Trey Henefield, CISSP Senior IAVA Engineer
Ultra Electronics Advanced Tactical Systems, Inc. 4101 Smith School Road Building IV, Suite 100 Austin, TX 78744 USA
Trey.Henefield@ultra-ats.com Tel: +1 512 327 6795 ext. 647 Fax: +1 512 327 8043 Mobile: +1 512 541 6450
*From:* Watson Sato wsato@redhat.com *Sent:* Wednesday, September 4, 2019 10:53 AM *To:* SCAP Security Guide scap-security-guide@lists.fedorahosted.org *Subject:* Short lived branches for stabilization before release
Hello,
I'd like to prose and ask for feedback on $subject idea.
The main objective is to have a place and period of time to fix bugs before a release happens.
This would give interested parties space and time to work on fixes, and it would be more transparent and evident that a release is around the corner.
How would this work?
Around two weeks before the release date, a branch is created for the next version and only fixes can be merged to this branch.
When release date comes, release happens from the branch. And then it is merged back into master, so that fixes are there too.
--
Watson Sato Security Technologies | Red Hat, Inc
*Disclaimer* The information contained in this communication from * trey.henefield@ultra-ats.com trey.henefield@ultra-ats.com * sent at 2019-09-04 12:10:35 is private and may be legally privileged or export controlled. It is intended solely for use by * scap-security-guide@lists.fedorahosted.org scap-security-guide@lists.fedorahosted.org * and others authorized to receive it. If you are not * scap-security-guide@lists.fedorahosted.org scap-security-guide@lists.fedorahosted.org * you are hereby notified that any disclosure, copying, distribution or taking action in reliance of the contents of this information is strictly prohibited and may be unlawful.
scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor...
Gabe, What changes more, the scanning engine or the rule content? If the engine is moderately stable, then splitting the rule content off would only need to maintain support for previous release engines, but distributions could stabilize on a distro-validated engine while the content can then update more frequently. Folks within a distro might find it easier to submit patches to older engines as well.
Disclosure: I’ve never edited the ComplianceAsCode code base either to build or modify, so, not an expert.
Thanks, Charlie Todd
From: Gabe Alford redhatrises@gmail.com Sent: Tuesday, September 10, 2019 4:51 PM To: SCAP Security Guide scap-security-guide@lists.fedorahosted.org Subject: [EXTERNAL] Re: Short lived branches for stabilization before release
The project discussed this several years ago as well as adding LTS brances but ultimately decided against it due to the maintenance costs and burdens placed on owners. Not sure what has changed since security is always changing and evolving.
I have so many commits I have yet to get commited because I am constantly playing catchup with the new releases.
I would recommend to any and all contributors to submit commits regardless of where in the release cycle things are. Breaking commits up into small manageable PRs means that over time there won't be a need to catchup. Otherwise, the time between catching up and release will ultimately become unmanageable.
On Wed, Sep 4, 2019 at 10:11 AM Trey Henefield <trey.henefield@ultra-ats.commailto:trey.henefield@ultra-ats.com> wrote:
I second that idea. Along with a release schedule.
I have so many commits I have yet to get commited because I am constantly playing catchup with the new releases.
Best regards,
Trey Henefield, CISSP Senior IAVA Engineer
Ultra Electronics Advanced Tactical Systems, Inc. 4101 Smith School Road Building IV, Suite 100 Austin, TX 78744 USA
Trey.Henefield@ultra-ats.commailto:Trey.Henefield@ultra-ats.com Tel: +1 512 327 6795 ext. 647 Fax: +1 512 327 8043 Mobile: +1 512 541 6450
From: Watson Sato <wsato@redhat.commailto:wsato@redhat.com> Sent: Wednesday, September 4, 2019 10:53 AM To: SCAP Security Guide <scap-security-guide@lists.fedorahosted.orgmailto:scap-security-guide@lists.fedorahosted.org> Subject: Short lived branches for stabilization before release
Hello,
I'd like to prose and ask for feedback on $subject idea. The main objective is to have a place and period of time to fix bugs before a release happens. This would give interested parties space and time to work on fixes, and it would be more transparent and evident that a release is around the corner.
How would this work? Around two weeks before the release date, a branch is created for the next version and only fixes can be merged to this branch. When release date comes, release happens from the branch. And then it is merged back into master, so that fixes are there too.
-- Watson Sato Security Technologies | Red Hat, Inc
Disclaimer The information contained in this communication from trey.henefield@ultra-ats.commailto:trey.henefield@ultra-ats.com sent at 2019-09-04 12:10:35 is private and may be legally privileged or export controlled. It is intended solely for use by scap-security-guide@lists.fedorahosted.orgmailto:scap-security-guide@lists.fedorahosted.org and others authorized to receive it. If you are not scap-security-guide@lists.fedorahosted.orgmailto:scap-security-guide@lists.fedorahosted.org you are hereby notified that any disclosure, copying, distribution or taking action in reliance of the contents of this information is strictly prohibited and may be unlawful. _______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.orgmailto:scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.orgmailto:scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.fedoraproject.org_en-2DUS_project_code-2Dof-2Dconduct_&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=l0-ua1e-QNsNQGklSskZ0-sck042bomBFUJED6_CowA&s=2_BLvUQXMEXriMjr0yOEpWGS5ASpHDLIfZ99Y7e5SyU&e= List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelineshttps://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_Mailing-5Flist-5Fguidelines&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=l0-ua1e-QNsNQGklSskZ0-sck042bomBFUJED6_CowA&s=h2tCZVeDR8O-r4CTHUxxfWDwBCGw4iEAYxEugot5fNE&e= List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor...https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_archives_list_scap-2Dsecurity-2Dguide-40lists.fedorahosted.org&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=l0-ua1e-QNsNQGklSskZ0-sck042bomBFUJED6_CowA&s=ZGwgqMSDt7i0yakRf1TLmz-QlxYPQYE1KKHQRTIWPFk&e=
This message and any enclosures are intended only for the addressee. Please notify the sender by email if you are not the intended recipient. If you are not the intended recipient, you may not use, copy, disclose, or distribute this message or its contents or enclosures to any other person and any such actions may be unlawful. Ball reserves the right to monitor and review all messages and enclosures sent to or from this email address.
*From:* Gabe Alford redhatrises@gmail.com *Sent:* Tuesday, September 10, 2019 4:51 PM *To:* SCAP Security Guide scap-security-guide@lists.fedorahosted.org *Subject:* [EXTERNAL] Re: Short lived branches for stabilization before release
The project discussed this several years ago as well as adding LTS brances but ultimately decided against it due to the maintenance costs and burdens placed on owners.
Not sure what has changed since security is always changing and evolving.
Yes, I think that it is still the case, but the point is not to have LTS branches and mainlining them. It is about a creating a branch just focused on fixing bugs before release. After the release, the fixes are merged to master, and the branch closed.
I have so many commits I have yet to get commited because I am
constantly playing catchup with the new releases.
I would recommend to any and all contributors to submit commits regardless of where in the release cycle things are.
Breaking commits up into small manageable PRs means that over time there won't be a need to catchup. Otherwise, the time between catching up and release will ultimately become unmanageable.
I second that.
On Tue, Sep 10, 2019 at 11:03 PM Todd, Charles CTODD@ball.com wrote:
Gabe,
What changes more, the scanning engine or the rule content? If the engine is moderately stable, then splitting the rule content off would only need to maintain support for previous release engines, but distributions could stabilize on a distro-validated engine while the content can then update more frequently. Folks within a distro might find it easier to submit patches to older engines as well.
Disclosure: I’ve never edited the ComplianceAsCode code base either to build or modify, so, not an expert.
Todd, I'm not sure I understand your point, but ComplianceAsCode is about the content, ;)
Thanks,
Charlie Todd
scap-security-guide@lists.fedorahosted.org