We discussed today on the dev call the need for CVE-like tracking of safety-critical fixes. The idea is to have a well-defined process to escalate anything that is safety-critical and allow users of PX4 to verify they have no exposure to known significant issues.
If you are not familiar with the CVE process, here is their FAQ: https://cve.mitre.org/about/faqs.html
This might be a bit too heavy for us, so I propose to start with something simple:
- Add a CVE or similar tag on GitHub issues
- Track those issues in a project
- Some level of manual check or scripting that the last stable release has all fixes merged
Daniel and I are both interested in pushing this; who else wants to contribute?