RFC - n/a
Other Related Resources
LTS Recommendation as of January 2022: https://docs.google.com/document/d/1Un5OlutEh7M2p3AzxE8g20NmdeEhrC0KCNkfd_QLkRw/edit
This ADR has been created by the FOLIO security team on 2022-04-21 Meeting notes, 2022-04-28 Meeting notes, 2022-05-05 Meeting notes, 2022-05-12 Meeting notes, 2022-05-19 Meeting notes, 2022-05-26 Meeting notes, 2022-06-02 Meeting notes, 2022-06-09 Meeting notes
Contributors
- FOLIO Security Team
Approvers
- PC published "Regular release recommendations" at PC Supports long-term release and regular release recommendations on July 5, 2022. This indirectly approves this ADR and makes this ADR obsolete.
Background/Context
As a sysop I need to schedule the migration of my production installation of FOLIO.
As a FOLIO security team member I have limited time to monitor FOLIO for security issues.
As a FOLIO software developer I have limited time to fix and back-port security issues.
Therefore FOLIO
- should limit the number of flower releases that get security fixes for critical vulnerabilities and
- should publish the support period on the release notes.
Assumptions
Implementers can upgrade within 8 months after the official Morning Glory release
Constraints
Resources to maintain old flower releases.
To comply with policies and law a sysop must upgrade from a version that is no longer supported to maintain privacy and security.
To speed up this ADR support periods of other releases (Nolana, Orchid, ...) are out of scope.
Decision
The TC forwards this decision proposal to the PC:
Morning Glory will receive security fixes for critical issues until Orchid is released (est. Spring 2023).
Detailed information on particular issues will be provided by the security team. With this release there will be no other security hotfixes on Kiwi.This is to be published on the Morning Glory release notes.
Implications
- Pros
- Approves the "LTS Recommendation as of January 2022" for Morning Glory and for the end-of-life of Kiwi.
- Cons
- Tight time frame for sysops.