Skip to content
  • Michael Catanzaro's avatar
    Expand security policy to cover previous stable branch · 61075ef0
    Michael Catanzaro authored and Philip Withnall's avatar Philip Withnall committed
    The goal here is to reconcile the difference between GLib's 6-month
    security policy and GNOME's 12-month policy (which may soon be expanded
    to 13 months, gnome-build-meta#731). It's strange for GLib to be an
    exception when the rest of GNOME supports two stable branches at a time.
    I'm not aware of any other GNOME project with a shorter release lifetime
    than GNOME itself, and it results in a situation where the previous
    stable version of the GNOME runtime never receives any GLib updates,
    since we stick with the same GLib version for the entire release and do
    not do security backports.
    But I also want to avoid creating an expectation that GLib maintainers
    will do a bunch of additional backporting work, so most commits should
    be out of scope. We can say maintainer discretion will be used to
    determine whether a backport to the previous stable branch is warranted.
    And normally, it won't be, so the goal should be no previous stable
    branch releases. But occa...