Re: 1.0.3 release scheduling

From: John Peacock <jpeacock_at_rowman.com>
Date: 2004-05-19 15:21:49 CEST

Garrett Rooney wrote:
> Due to it's sensitivity, the security problem fixed in 1.0.3 was not
> discussed on the dev list. For details about the problem see the 1.0.3
> release email.

Fair enough. I saw his announcement with the release. In the future, it would
be useful if the initial warning that a release was imminent either was more
specific or less specific. Either state that it fixes an unannounced security
issue or point to an existing security alert. Simple stating that "[t]his
release will include only the fix for the security problem" causes only
confusion (like we should all know which security problem which is being
referenced).

I have no problem with delaying the public announcement of the exact problem
until a patched version is available, only that it wasn't communicated well.

John

-- 
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD  20706
301-459-3366 x.5010
fax 301-429-5748
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Wed May 19 15:21:47 2004

This message: [ Message body ]
Next message: kfogel_at_collab.net: "Re: 1.0.3 release scheduling"
Previous message: Patrick Mayweg: "Re: Subversion 1.0.3 released. *SECURITY FIX*"
In reply to: Garrett Rooney: "Re: 1.0.3 release scheduling"
Next in thread: kfogel_at_collab.net: "Re: 1.0.3 release scheduling"
Reply: kfogel_at_collab.net: "Re: 1.0.3 release scheduling"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]