On Thu, Feb 20, 2014 at 2:37 PM, Ryan Lane rlane32@gmail.com wrote:
> Note that unless you're willing to keep up to date with WMF's relatively fast pace of branching, you're going to miss security updates. No matter what, if you use git you're going to get security updates slower, since they are released into the tarballs first, then merged into master, then branches (is this accurate?). Sometimes the current WMF branch won't even get the security updates since they are already merged locally onto Wikimedia's deployment server.
I've been releasing tarballs, then pushing the fixes into the release branches and master in Gerrit. It all happens within a couple of hours, but the tarballs have a slightly narrower timeframe. I rarely push to wmfXX branches, since those already have the patches applied on the cluster, and the next branch cut from master will contain the fix from master.
We're potentially moving to pushing them into Gerrit and having Jenkins build the tarballs, so this process might be flipped in the near future.