[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Release Critical Security Bug in Bazel Dependency

Same feeling here, I think we should focus on the LTS release first.

On Fri, Jun 4, 2021 at 2:18 PM Jesse Chan <jc@linux.com> wrote:
Agreed. I think we should focus on one thing at a time. We can have a
better discussion after we got the bazel-4 ready.


On 6/3/2021, Olek Wojnar wrote:
> On Tue, Jun 1, 2021 at 3:51 AM Yun Peng <pcloudy@google.com
> <mailto:pcloudy@google.com>> wrote:
>     On Mon, May 31, 2021 at 11:03 PM Olek Wojnar <olek@debian.org
>     <mailto:olek@debian.org>> wrote:
>         Cool! This is a good opportunity to discuss how we're going to
>         handle Bazel rolling releases. Our packaging plan specifically
>         calls for packaging LTS releases but does not address what we
>         do in between. i.e. would we create something like a
>         bazel-rolling package that tracks current development?
>  So, does anyone have any thoughts on whether or not to package
> rolling releases? Given Yun's explanation, those would be the
> 5.0.0-pre.<date> releases. I have mixed feelings. On one hand, it
> would be an effective way of identifying packaging problems in advance
> (and possibly fixing upstream problems during the primary development
> timeframe). On the other hand, it would be a significant amount of
> additional work. Some but not all of that work would just be a
> front-loaded investment in making the packaging for the next version
> easier.
> I'm hoping that once we get more packages building with Bazel in
> Debian our team will grow and we'll be able to easily package the
> rolling releases. Right now though (speaking for myself) I'm
> task-saturated just working on the LTS Bazel ecosystem.
> Other thoughts?
> -Olek

Reply to: