Re: How to coordinate web team for security releases?

On Mon, 5 Feb 2007, Tom Lane wrote:

> Devrim GUNDUZ <devrim(at)CommandPrompt(dot)com> writes:
>> * Upload the new tarballs to a private area (instead of public FTP site)
>> so that only packagers and other related people can download them to
>> build the packages, etc.
>
> We're not going to be able to make things really water-tight unless we
> are willing to close off CVS somehow; which is not an idea I favor.
> So I'm not particularly concerned about hiding tarballs --- especially
> since that's not something we'd do in a normal, non-security release
> cycle. As I said before, keeping it off the mailing lists is probably
> sufficient, and in any case has to be our first goal before we start
> worrying about any more-invasive procedural changes.

I hope we will not go beyond this.

btw, how other OSS projects manage releases ?

Inkscape, for example, just didn't announce it's 0.45 release, but
all tarballs were available from sourceforge site.

Regards,
Oleg
_____________________________________________________________
Oleg Bartunov, Research Scientist, Head of AstroNet (www.astronet.ru)
Sternberg Astronomical Institute, Moscow University, Russia
Internet: oleg(at)sai(dot)msu(dot)su, http://www.sai.msu.su/~megera/
phone: +007(495)939-16-83, +007(495)939-23-83