Re: Linux 2.0.36 in slink?
On Mon, Dec 14, 1998 at 06:05:20PM +0000, Enrique Zanardi wrote:
> So, what's worse? Shipping a kernel with known security holes, or moving
> isdnutils into slink this late in the freeze?
Oh boy, this is a doozy. I don't think we can win here. If we ship
the old kernel, we may get hit with "those dumm schmoes are shipping
that buggy kernel..." If we ship the new kernel we may break
something and have another inestimable delay.
My software development experience says we should stop making changes
except for release critical 'bugs'. We need to be done with slink.
It makes more sense to ship an alternative kernel package for those
who are concerned with security. This prevents us from perturbing the
rest of the release. It *may* be the case that 2.0.36 only breaks
isdnutils, but it *may* break something else, too.
The better judgement is to ship with what we have. Ship this baby and
move on to potato. The fact is that the trouble were experiencing in
shipping slink is very common among shrink-wrap software developers.
There is a good book about cyclical software development written by
Jim Mcarthy called "Dynamics of Software Development." He's from M$
which is funny because his methodology is kinda followed by folks at
M$, but the place is so big that every aspiring lord wants to tweak
the process. The result is that none of them can get it right.
Mcarthy talks a lot of sense, though I'm not sure how much really
applies to us. It's a good slice of knowledge to have anyway.