Security release needed
gerv at mozilla.org
Mon Jan 3 19:08:36 UTC 2005
David Miller wrote:
> Gervase Markham wrote:
>> 2.16.8 is ready to go - there are two security patches to check in.
>> 2.18.0 has the blocker list we all know about. See Jake's weblog.
>> 2.19.2 could go at any time, really - it's just a development release.
> There will be no 2.19.2. We're releasing 2.20rc1 concurrently with 2.18
> final, at which point we branch.
In an ideal world, we would definitely do that. However, given that the
bug in question is public knowledge, we need to get a security release
out ASAP, as in "today or tomorrow". That means releasing from all three
trees. So, there are several reasons why it might not be the best idea
to branch and release 2.20rc1 at the same time:
- It's more complicated, and so will take longer and divide effort
- There are significantly more bugs marked as blocking2.20+ than there
are blocking2.18+, and we shouldn't do a Release Candidate unless the
build is a release candidate, which means fixing them all
- It requires doing the bug 108870 patch for both 2.18 and 2.20, which
will also delay things
- There is a higher level of expectation for an "rc" release than a
development release, which I'm not sure we're in a position to meet
- Max hasn't reviewed bug 73665 yet ;-)
What's the objection to doing a 2.19.2, apart from the fact that we
didn't plan to?
More information about the developers