On 01/15/2014 07:32 AM, Michal Privoznik wrote:
On 14.01.2014 17:53, Eric Blake wrote:
Mitre tried to assign us two separate CVEs for the fix for https://bugzilla.redhat.com/show_bug.cgi?id=1047577, on the grounds that the fixes were separated by more than an hour and thus triggered different hourly snapshots. But we explicitly do NOT want to treat transient security bugs as CVEs if they can only be triggered by patches in libvirt.git but where the problem is cleaned up before a formal release.
Meanwhile, I noticed that while our wiki mentioned maintenance branches and releases, our formal documentation did not.
* docs/downloads.html.in: Contrast hourly snapshots with maintenance branches.
Signed-off-by: Eric Blake <eblake@redhat.com> ---
Doc only, so suitable for 1.2.1 if it gets reviewed in time.
ACK & safe for the upcoming release.
Thanks; pushed. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org