On Thu, Feb 20, 2014 at 2:37 PM, Ryan Lane <rlane32(a)gmail.com> wrote:
Note that unless you're willing to keep up to date
with WMF's relatively
fast pace of branching, you're going to miss security updates. No matter
what, if you use git you're going to get security updates slower, since
they are released into the tarballs first, then merged into master, then
branches (is this accurate?). Sometimes the current WMF branch won't even
get the security updates since they are already merged locally onto
Wikimedia's deployment server.
I've been releasing tarballs, then pushing the fixes into the release
branches and master in gerrit. It all happens within a couple of hours, but
the tarballs have a slightly narrower timeframe. I rarely push to wmfXX
branches, since those already have the patches applied on the cluster, and
the next branch cut from master will contain the fix from master.
We're potentially moving to pushing them into gerrit and having jenkins
build the tarballs, so this process might be flipped in the near future.