Re: Release Critical Security Bug in Bazel Dependency

On Tue, Jun 1, 2021 at 3:51 AM Yun Peng <pcloudy@google.com> wrote:

On Mon, May 31, 2021 at 11:03 PM Olek Wojnar <olek@debian.org> wrote:

Cool! This is a good opportunity to discuss how we're going to handle Bazel rolling releases. Our packaging plan specifically calls for packaging LTS releases but does not address what we do in between, i.e., would we create something like a bazel-rolling package that tracks current development?

So, does anyone have any thoughts on whether or not to package rolling releases? Given Yun's explanation, those would be the 5.0.0-pre.<date> releases. I have mixed feelings. On one hand, it would be an effective way of identifying packaging problems in advance (and possibly fixing upstream problems during the primary development timeframe). On the other hand, it would be a significant amount of additional work. Some but not all of that work would just be a front-loaded investment in making the packaging for the next version easier.

I'm hoping that once we get more packages building with Bazel in Debian our team will grow and we'll be able to easily package the rolling releases. Right now though (speaking for myself) I'm task-saturated just working on the LTS Bazel ecosystem.

Other thoughts?


