Questions regarding support for syslog-ng
Hi, I'm collecting information on various dependencies within infrastructure for internal tracking. I looked on the website and through your documentation and cannot locate the answers needed, so I am reaching out to the mailing list.
I was wondering if you can give me any sense of what your cadence is for releasing updates for syslog-ng.
- Do you have a routine release cadence for updates? If so, what is it (e.g. monthly, every third Tuesday, etc.) If there is no set cadence, can you give me a rough sense of how often you release updates?
- How do you deal with potential security vulnerabilities? What does your patching procedure look like? Is it typically visible to users?
I am sure you can't give me a ton of detail, but we'd like to be able to document what our dependencies look like and how often we might be falling behind so we can adjust our own roadmaps accordingly.
Thanks in advance for any information you can offer!
Diana
--
Diana Wiener
Customer Life Cycle Manager, Support
diana.wiener@acquia.com
Hi,
I’m not sure which edition you are using: the premium edition (PE) or the open source edition (OSE).
Releases
In both cases we have a 2-month cadence, which means that every two months we release:
* OSE (rolling release model)
* PE 7 (rolling release)
* PE 6 maintenance
Security patches
One technical difference between OSE and PE: dependencies. In the case of OSE, the vulnerabilities detected in dependencies are not fixed by us, as in the case of OSE we do not bundle them; they are part of the environment where syslog-ng is running. In the case of PE, where we bundle the dependencies, we update and release the deps. This means that when there is a highly prioritized sec. bug, for example in OpenSSL, we release PE ASAP with the updated OpenSSL (and this may affect the release date).
What do you mean by ‘typically visible to the users’? We don’t currently have a publicly available sec. issue tracker. The release changelog/announcement contains information regarding the fixed issues (including fixed sec. vulnerabilities). In the case of OSE (and partly in the case of PE7, as it is based on OSE) all issues are available on GitHub.
If you need more details in the case of PE, please contact Balabit (if you need assistance, I can help you contact the right person, just drop me a private mail).
regards,
Laszlo Budai
On Thursday, October 12, 2017, Diana Wiener <diana.wiener@acquia.com> wrote:
Hi, I'm collecting information on various dependencies within infrastructure for internal tracking. I looked on the website and through your documentation and cannot locate the answers needed, so I am reaching out to the mailing list.
I was wondering if you can give me any sense of what your cadence is for releasing updates for syslog-ng.
- Do you have a routine release cadence for updates? If so, what is it (e.g. monthly, every third Tuesday, etc.) If there is no set cadence, can you give me a rough sense of how often you release updates?
- How do you deal with potential security vulnerabilities? What does your patching procedure look like? Is it typically visible to users?
I am sure you can't give me a ton of detail, but we'd like to be able to document what our dependencies look like and how often we might be falling behind so we can adjust our own roadmaps accordingly.
Thanks in advance for any information you can offer!
Diana
--
Diana Wiener
Customer Life Cycle Manager, Support
diana.wiener@acquia.com