On Wed, 29 May 2013 21:41:58 +0200, Jesus Cea firstname.lastname@example.org wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 29/05/13 16:41, R. David Murray wrote:
I asked about this on IRC and was told that 3.2 is now a standalone branch like 2.7. Security fixes will be applied by the release manager only, and Georg doesn't see any point in null merging the commits.
Could this be written somewhere?. For instance, how the release manager must be notified about a potential relevant changeset for his/her branch.
By making it a release blocker in the tracker. (Once it is public...I would imagine release managers have to be on the security mailing list...though I don't know that for a fact.)
I imagine there's something in the devguide about security branches, this info could be added there.