Security release needed

Gervase Markham gerv at mozilla.org
Mon Jan 3 19:08:36 UTC 2005


David Miller wrote:
> Gervase Markham wrote:
> 
>> 2.16.8 is ready to go - there are two security patches to check in.
>> 2.18.0 has the blocker list we all know about. See Jake's weblog.
>> 2.19.2 could go at any time, really - it's just a development release.
> 
> There will be no 2.19.2.  We're releasing 2.20rc1 concurrently with 2.18 
> final, at which point we branch.

In an ideal world, we would definitely do that. However, given that the 
bug in question is public knowledge, we need to get a security release 
out ASAP, as in "today or tomorrow". That means releasing from all three 
trees. So, there are several reasons why it might not be the best idea 
to branch and release 2.20rc1 at the same time:

- It's more complicated, and so will take longer and divide effort
- There are significantly more bugs marked as blocking2.20+ than there
   are blocking2.18+, and we shouldn't do a Release Candidate unless the
   build is a release candidate, which means fixing them all
- It requires doing the bug 108870 patch for both 2.18 and 2.20, which
   will also delay things
- There is a higher level of expectation for an "rc" release than a
   development release, which I'm not sure we're in a position to meet
   yet.
- Max hasn't reviewed bug 73665 yet ;-)

What's the objection to doing a 2.19.2, apart from the fact that we 
didn't plan to?

Gerv



More information about the developers mailing list