So the .SP releases are a bit different to what other projects do.

In general all work except for embargoed security issues are pushed upstream first, and these are also pushed upstream once the embargo is lifted. This means that once the embargo is lifted and security patches are pushed upstream the SP releases are a strict subset of the current upstream branches.

The reason for this is that EAP does not want every commit, as it aims to provide a very stable environment so the number of changes that go into a release are limited to issues that actually affect EAP. For a commit to go into EAP it also needs to be tested and verified by the Red Hat QE, and they can only test so much.

That said I don't think there is any particular reason why we don't push the tags after embargo has been lifted, mostly just that nobody has asked for them. Really though there is no reason to use a SP release over the latest community version, as the SP releases are based on the requirements of EAP and not the community at large.

Stuart

On Tue, 28 Apr 2020 at 03:41, Francisco A. Lozano <flozano@gmail.com> wrote:
Hi, 

So the SP tags are not created in the open-source repositories as a rule?  (and of course neither are binaries published in maven)?

Are you implying that RH is not releasing "SP" fixes in 2.0.X as open-source in the normal repos?

If that is the case, I'd like to understand fully what is the policy for releasing bug-fixes, security fixes and such. Is there any document that explains such policy? I have built stuff that right now depends on 2.0.X, as many others I guess, based in (wrong?) assumptions about the open-ness of this project. 

br,
Francisco A. Lozano


El lun., 27 abr. 2020 a las 17:49, Flavia Rainone (<frainone@redhat.com>) escribió:
Hi Francisco

The SP tags are done in Red Hat internal product repositories.

The 2.1.0.Final? is uploaded to the github.repo.

Regards,
Flavia

On Wed, Apr 22, 2020 at 9:59 AM Francisco A. Lozano <flozano@gmail.com> wrote:
Hi,

- I can't find 2.0.30.sp1 and 2.1.0 final tags in https://github.com/undertow-io/undertow . 
- In binary form, I can find 2.1.0.Final? in maven central repository, but 2.0.30.sp1 is not available there either.

Francisco A. Lozano
_______________________________________________
undertow-dev mailing list
undertow-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev


--

Flavia Rainone

Principal Software Engineer

Red Hat

frainone@redhat.com   

_______________________________________________
undertow-dev mailing list
undertow-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev