Re: [edk2-announce] Soft Feature Freeze starts now for edk2-stable202002

["Tim Lewis" <tim.lewis@insyde.com>]

Liming --

Thanks for the pointer. 

The reason I ask is that many users of open source projects such as EDKII
scan the releases for CVE numbers in order to make sure that critical
components get updated. This is due to the fact that CVEs often need to be
reported to downstream users. The Bugzilla list is a little hidden, since
these CVE fixes are not called out directly in the wiki page. It would be
much easier if the BZ items that are related to security fixes are promoted
directly to the wiki page, not just available through a BZ query.

Thanks

Tim

-----Original Message-----
From: Gao, Liming <liming.gao@intel.com> 
Sent: Sunday, February 16, 2020 9:20 PM
To: Tim Lewis <tim.lewis@insyde.com>; devel@edk2.groups.io;
announce@edk2.groups.io
Cc: Guptha, Soumya K <soumya.k.guptha@intel.com>; Kinney, Michael D
<michael.d.kinney@intel.com>; 'Laszlo Ersek' <lersek@redhat.com>;
afish@apple.com; leif.lindholm@linaro.org
Subject: RE: [edk2-announce] Soft Feature Freeze starts now for
edk2-stable202002

Tim:
  There is no special list for the security fixes. All bug fixes will be
found in Bugzilla List in stable tag wiki, such as
https://github.com/tianocore/edk2/releases/tag/edk2-stable201911
  Boot Guard is as the feature. So, it is listed in the feature planning. 

Thanks
Liming
> -----Original Message-----
> From: announce@edk2.groups.io <announce@edk2.groups.io> On Behalf Of 
> Tim Lewis
> Sent: Saturday, February 15, 2020 2:53 AM
> To: Gao, Liming <liming.gao@intel.com>; devel@edk2.groups.io; 
> announce@edk2.groups.io
> Cc: Guptha, Soumya K <soumya.k.guptha@intel.com>; Kinney, Michael D
<michael.d.kinney@intel.com>; 'Laszlo Ersek'
> <lersek@redhat.com>; afish@apple.com; leif.lindholm@linaro.org
> Subject: Re: [edk2-announce] Soft Feature Freeze starts now for 
> edk2-stable202002
> 
> Liming --
> 
> Is there any plan to list all of the security fixes related CVEs that 
> are being checked in to the list of official features for this stable 
> tag? We have listed the Boot Guard one.
> 
> Thanks,
> Tim Lewis
> CTO, Insyde Software
> www.insyde.com
> 
> -----Original Message-----
> From: announce@edk2.groups.io <announce@edk2.groups.io> On Behalf Of 
> Liming Gao
> Sent: Friday, February 14, 2020 12:19 AM
> To: devel@edk2.groups.io; announce@edk2.groups.io
> Cc: Guptha, Soumya K <soumya.k.guptha@intel.com>; Kinney, Michael D 
> <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>; 
> afish@apple.com; leif.lindholm@linaro.org
> Subject: [edk2-announce] Soft Feature Freeze starts now for
> edk2-stable202002
> 
> Hi, all
>   We will enter into Soft Feature Freeze phase. In this phase, the 
> feature under review will not be allowed to be pushed. The patch 
> review can continue without break in edk2 community.
> 
>   If the patch is sent before Soft Feature Freeze, and plans to catch 
> this stable tag, the patch contributor need reply to his patch and 
> notify edk2 community.
>   If the patch is sent after Soft Feature Freeze, and plans to catch 
> this stable tag, please add edk2-stable202002 key words in the patch 
> title and BZ, so the community know this patch target and give the
feedback.
> 
> Below is edk2-stable202002 tag planning 
> https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-P
> lannin
> g
> Proposed Schedule
> Date (00:00:00 UTC-8)   Description
> 2019-12-02        Beginning of development
> 2020-02-07        Feature Planning Freeze
> 2020-02-14        Soft Feature Freeze
> 2020-02-21        Hard Feature Freeze
> 2020-02-28        Release
> 
> Thanks
> Liming
> 
> 
> 
> 
> 
>