updates policy for patch 'tuesdays':
Principle:
Updates should occur at regular intervals by and large. Not everyday and not haphazardly. Security and critical bugfixes should be issued asynchronously, but feature updates, new pkgs and non-critical bugfixes should be issued once a month for the duration of the distros supported lifetime.
specific rules:
- security and critical bugfixes are issued asychronously. FULL STOP.
- if the above require changes/rebuilds to other pkgs then those others pkgs will be included in the async update provided that, if they are an update beyond a rebuild then they have passed a qa check
- all other updates can be included in the monthly update push provided:
- they have passed testing karma checks
- they have passed autoqa checks
- it is not a bugfix(not including rfes) and update falls within the critical path or critical path dependencies, then it cannot be included.
- any other requirement fesco decides on.
definitions:
critical-bugfix: loses/corrupts data, makes system inaccessible, makes system unable to receive updates,
critical-path-bugfix: package/application in a critical-path or critical-path-dependencies have an important bugfix impacting users which is not a critical-bugfix but is still important
security: has a cve or security notice defined with it
bugfix: correct a bug in the software not covered by critical-bugfix definition NOT INCLUDING Requests For Enhancements (RFEs)