rt-announce mailing list
rt-announce@lists.bestpractical.com
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-announce
signature.asc (801 Bytes)
Hi,
previously, security releases also included the commits since the last
release (and translation updates).
Are security releases from now released only with the security fixes?
Chris
2015/08/12 18:19、Christian Loos cloos@netsandbox.de のメール:
Hi,
Hi Chris,
previously, security releases also included the commits since the last
release (and translation updates).
Are security releases from now released only with the security fixes?
There have been releases in the past that address only security vulnerabilities or major faults (and not bugfixes or translation updates), such as 4.0.16, 4.0.15, and 4.0.13.
My inclination is that security releases should be as tiny as possible to help remove any reasons for people to avoid upgrading. Furthermore, we don’t want to have people wait on a release candidate to pass muster in order to be able to upgrade to a secure version of RT. Finally it’s also important to be able to roll these releases out quickly, having the most limited set of sources for regressions possible.
I know you’re asking because you care about translation updates and bugfixes (many of which you’ve contributed!), and we’re definitely going to be shipping another bugfix release once the dust settles on 4.2.12. 
Chris
Thanks,
Shawn
signature.asc (801 Bytes)
Hi Shawn,
2015/08/12 18:19、Christian Loos cloos@netsandbox.de のメール:
Hi,
Hi Chris,
previously, security releases also included the commits since the last
release (and translation updates).
Are security releases from now released only with the security fixes?There have been releases in the past that address only security vulnerabilities or major faults (and not bugfixes or translation updates), such as 4.0.16, 4.0.15, and 4.0.13.
My inclination is that security releases should be as tiny as possible to help remove any reasons for people to avoid upgrading. Furthermore, we don’t want to have people wait on a release candidate to pass muster in order to be able to upgrade to a secure version of RT. Finally it’s also important to be able to roll these releases out quickly, having the most limited set of sources for regressions possible.
Thanks for explaining this.
I just asked, as the last 4.2 security fixes also included changes.
But I’m with you that releasing security fixes as a separate release is
the better way.
I know you’re asking because you care about translation updates and bugfixes (many of which you’ve contributed!), and we’re definitely going to be shipping another bugfix release once the dust settles on 4.2.12.
I hope someone have time to review my pending Pull Request before the
next release, which also includes some bugfixes [1].
Chris