Re: Release Critical Security Bug in Bazel Dependency
Same feeling here, I think we should focus on the LTS release first.
On Fri, Jun 4, 2021 at 2:18 PM Jesse Chan <firstname.lastname@example.org
Agreed. I think we should focus on one thing at a time. We can have a
better discussion after we got the bazel-4 ready.
On 6/3/2021, Olek Wojnar wrote:
> On Tue, Jun 1, 2021 at 3:51 AM Yun Peng <email@example.com
> <mailto:firstname.lastname@example.org>> wrote:
> On Mon, May 31, 2021 at 11:03 PM Olek Wojnar <email@example.com
> <mailto:firstname.lastname@example.org>> wrote:
> Cool! This is a good opportunity to discuss how we're going to
> handle Bazel rolling releases. Our packaging plan specifically
> calls for packaging LTS releases but does not address what we
> do in between. i.e. would we create something like a
> bazel-rolling package that tracks current development?
> So, does anyone have any thoughts on whether or not to package
> rolling releases? Given Yun's explanation, those would be the
> 5.0.0-pre.<date> releases. I have mixed feelings. On one hand, it
> would be an effective way of identifying packaging problems in advance
> (and possibly fixing upstream problems during the primary development
> timeframe). On the other hand, it would be a significant amount of
> additional work. Some but not all of that work would just be a
> front-loaded investment in making the packaging for the next version
> I'm hoping that once we get more packages building with Bazel in
> Debian our team will grow and we'll be able to easily package the
> rolling releases. Right now though (speaking for myself) I'm
> task-saturated just working on the LTS Bazel ecosystem.
> Other thoughts?