On 6/24/14, 6:39 AM, Martin Preisler wrote:
----- Original Message -----
> From: "Jan Lieskovsky" <jlieskov(a)redhat.com>
> To: "SCAP Security Guide"
<scap-security-guide(a)lists.fedorahosted.org>
> Sent: Tuesday, June 24, 2014 10:55:33 AM
> Subject: Formalizing the release process / schedule
>
> Hello folks,
>
> since the request to give more formalized shape to SSG release process /
> schedule
> appeared couple of times in the past already (to mention some example:
>
https://lists.fedorahosted.org/pipermail/scap-security-guide/2014-May/005...)
>
> and since we are hitting the doubt if already make / not to make yet a new
> release each
> time (each couple of weeks), we have decided to share the idea about SSG
> release process
> proposal.
>
> The proposal is to have release of new tarballs to happen at regular time
> (each 4 up
> to 6 weeks), and have a dedicated wiki page listing when the couple of
> upcoming releases
> will happen [1]. Something like Mozilla is doing for their products:
>
https://wiki.mozilla.org/Releases
>
https://wiki.mozilla.org/Releases#Upcoming_Releases
>
https://wiki.mozilla.org/RapidRelease/Calendar
Time-based releases for the win in my experience. Definitely in favour of this change. I
would opt for a longer time window though, 4 weeks might be less efficient than 6 weeks
because of fixed costs of releasing.
Releasing the first Friday of every month makes things predictable.
Frequent upstream releases allow for "leading edge" consumers to rapidly
test content, whereas downstream RHEL-provided releases give the
stability many will be looking for.
One more thing I wanted to mention: Please please tag the releases in
git. It provides more transparency (anybody can repeat the release process and should come
up with the same tarball) and is extremely valuable when digging for regressions between 2
versions.
$ git tag 1.2.3
$ git push --tags
I recommend creating a public release checklist on the project's wiki. I have one for
scap-workbench to make sure I never screw up when releasing. See
https://fedorahosted.org/scap-workbench/wiki/ReleaseChecklist
We did this.... once (for the initial STIG release). Your idea of a
release checklist is great.