[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: 1.0.3 release scheduling

From: John Peacock <jpeacock_at_rowman.com>
Date: 2004-05-19 15:21:49 CEST

Garrett Rooney wrote:
> Due to it's sensitivity, the security problem fixed in 1.0.3 was not
> discussed on the dev list. For details about the problem see the 1.0.3
> release email.

Fair enough. I saw his announcement with the release. In the future, it would
be useful if the initial warning that a release was imminent either was more
specific or less specific. Either state that it fixes an unannounced security
issue or point to an existing security alert. Simple stating that "[t]his
release will include only the fix for the security problem" causes only
confusion (like we should all know which security problem which is being
referenced).

I have no problem with delaying the public announcement of the exact problem
until a patched version is available, only that it wasn't communicated well.

John

-- 
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD  20706
301-459-3366 x.5010
fax 301-429-5748
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed May 19 15:21:47 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.