Clarify positioning of extended stable and security merges
We've had some questions from developers as well as embedders re: our merge policies for security issues in the extended stable channel; this update helps clarify our stance. Change-Id: I3aa5aa3a7c92ad174d15b3fe2ae99439f3009ea8 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3258621 Auto-Submit: Alex Mineer <amineer@chromium.org> Reviewed-by: Adrian Taylor <adetaylor@chromium.org> Commit-Queue: Alex Mineer <amineer@chromium.org> Cr-Commit-Position: refs/heads/main@{#938550}
This commit is contained in:
Alex Mineer
committed by
Chromium LUCI CQ
Chromium LUCI CQ
parent
0d57ded1a6
commit
b201d4aa8b
docs/process
@ -266,8 +266,8 @@ Chromium Dash [front-end](https://chromiumdash.appspot.com/branches) and
|
||||
| branch | M(X) Branch | M(X) Beta | Polish issues for Finch-gated features (no workflow changes), any new regressions, any release blockers, any security issues, any string issues (.GRD changes) |
|
||||
| beta | M(X) Beta | M(X) Stable Cut | Non-functional issues for Finch-gated features (e.g. add metrics, fix crash), noticeable new regressions, any release blockers, any security issues, urgent string issues (.GRD changes) |
|
||||
| stable_cut | M(X) Stable Cut | M(X) Stable | Urgent new regressions, all release blockers, important security issues (medium severity or higher), emergency string issues (.GRD changes) |
|
||||
| stable | M(X) Stable | M(X+1) Stable | Urgent new regressions (especially user reports), urgent release blockers, important security issues (medium severity or higher) |
|
||||
| extended (if applicable) | M(X+1) Stable | M(X+2) Stable | Important security issues (medium severity or higher) applicable to Windows, Mac or Chrome OS |
|
||||
| stable | M(X) Stable | M(X+1) Stable | Urgent new regressions (especially user reports), urgent release blockers, important security issues (medium severity or higher) requested by the security team |
|
||||
| extended (if applicable) | M(X+1) Stable | M(X+2) Stable | Important security issues (medium severity or higher) applicable to any platform supported by Chrome Browser requested by the security team |
|
||||
|
||||
### Merge states and labels
|
||||
|
||||
|
||||
@ -7,21 +7,33 @@
|
||||
Chrome ships a new milestone (major version) to the stable channel every four
|
||||
weeks. The new milestone is developed on main for four weeks (beginning on
|
||||
branch point for the previous milestone) before the milestone's branch is cut,
|
||||
which is then stabilized for six weeks before being shipped to stable.
|
||||
|
||||
Chrome also maintains every other milestone branch for four additional weeks by
|
||||
backporting important security fixes to create an extended stable channel,
|
||||
where a new milestone is shipped every eight weeks. During the first four
|
||||
weeks of this milestone, both stable and extended stable are shipped identical
|
||||
releases; see the [channel lifecycle](#channel-lifecycle) to learn more.
|
||||
The extended stable channel is only available to enterprises, who can enable it
|
||||
via enterprise policies.
|
||||
|
||||
Biweekly updates (called refreshes) are shipped to both the stable and extended
|
||||
stable channels to deploy security fixes and keep Chrome's
|
||||
which is then stabilized for six weeks before being shipped to stable. Once
|
||||
a milestone reaches stable, biweekly updates (called refreshes) are shipped to
|
||||
the stable to deploy security fixes and keep Chrome's
|
||||
[patch gap](https://groups.google.com/a/chromium.org/g/security-dev/c/fbiuFbW07vI)
|
||||
short. Selected regression fixes may also be included in stable channel
|
||||
refreshes, but not extended stable refreshes.
|
||||
short.
|
||||
|
||||
## Extended Stable
|
||||
|
||||
Chrome Browser also maintains every other milestone branch for four additional
|
||||
weeks by backporting important security fixes to create an extended stable
|
||||
channel, where a new milestone is shipped every eight weeks. During the first
|
||||
four weeks of this milestone, both stable and extended stable are shipped
|
||||
identical releases; see the [channel lifecycle](#channel-lifecycle) to learn
|
||||
more. The extended stable channel is only available to enterprises on the
|
||||
Windows and Mac platforms, and can be enabled via enterprise policies. Biweekly
|
||||
refreshes are shipped to extended stable as well.
|
||||
|
||||
While extended stable is only shipped to Windows and Mac, security fixes that
|
||||
are relevant to any Chrome Browser platforms will be landed on the extended
|
||||
stable branch for use by embedders. It's important to note that while the team
|
||||
will make an effort to backport all important security fixes to extended
|
||||
stable, complex and risky changes as well as larger features that improve
|
||||
security (e.g.
|
||||
[Site Isolation](https://www.chromium.org/Home/chromium-security/site-isolation))
|
||||
may not be viable to backport and will only be available on the stable channel;
|
||||
as such, using the stable channel and stable branches is recommended for any
|
||||
team where security is a primary concern.
|
||||
|
||||
## Release Cycle
|
||||
The diagram below shows when our different development checkpoints occur as a
|
||||
|
||||
Reference in New Issue
Block a user