Quanah Gibson-Mount wrote:
--On Sunday, August 8, 2021 3:21 AM +0100 Howard Chu <hyc@symas.com> wrote:
Quanah Gibson-Mount wrote:
--On Saturday, August 7, 2021 1:31 PM +0100 Howard Chu <hyc@symas.com> wrote:
Also for clarity: We consider "Critical" bugs to include security flaws resulting in unauthorized data disclosure, or unauthorized remote code execution. We do not consider assert() failures or crashes resulting only in Denial of Service as security flaws.
That's fine as a general statement, but what we need is an explicit *documented* policy. Likely under "Release Documents" here: https://www.openldap.org/software/
Sounds like you should open a ticket against the website then.
Once we have a clear, concise, well-formed policy I'll do that.
That's backwards. The ticket has to exist before anyone writes a patch/MR for it.
As a project, we need to decide on a policy. Once we decide on what that policy is, we can document it. IMHO this list is the best place to have that discussion.
Any proposed change to the website should be requested in a ticket. Proposed drafts should be in a merge request that can be iterated on with review comments.
All this nitpicking over *process* is wasting time. What's important at the moment is to get the announcement out that 2.4 is ending, while it can still be considered "advance notice".