<quote name="Ryan Lane" date="2014-02-20" time="14:37:01
-0800">
Note that unless you're willing to keep up to date
with WMF's relatively
fast pace of branching, you're going to miss security updates. No matter
what, if you use git you're going to get security updates slower, since
they are released into the tarballs first, then merged into master, then
branches (is this accurate?). Sometimes the current WMF branch won't even
get the security updates since they are already merged locally onto
Wikimedia's deployment server.
That's a good point, with one small clarification/rewording:
Someone who's following wmfXX branches will get the security fixes the
next branch after the tarball is released. That's usually with in the
working week (we tend to release tarballs on Mon/Tues, with new branches
on Thursday).
So, yes, if you're pacing behind on the wmfXX branches, you'll want to
take note of security releases and backport patches as appropriate (all
security bugs have single patches attached to the Bugzilla report, and
those are made public after the tarball is released).
Greg
--
| Greg Grossmeier GPG: B2FA 27B1 F7EB D327 6B8E |
| identi.ca: @greg A18D 1138 8E47 FAC8 1C7D |