[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Temporal Release Strategy

On Wed, Apr 20, 2005 at 04:23:02PM -0700, Jeff Carr wrote:
> Adrian Bunk wrote:
> >Let me ask some questions:
> >- How many thousand people can't continue working if the server isn't
> >  available?
> >- How many million dollar does the customer lose every day the server is
> >  not available?
> >- How many days without this server does it take until the company is
> >  bankrupt?
> These are interesting questions, but not really applicable. I've never 
> seen a corporate enviornment where an upstream or outside distribution 
> is deployed without being tested internally first. I don't think it's 
> something that should be taken into account in the release process. 
> Companies have internal methods for deployment that double check and 
> verify a distribution before it is used.

Yes, such companies do test all changes. But being sure that it's _very_ 
unlikely that a security update breaks something makes life much easier.

And then there's the class of problems you could recently observe with
PHP 4.3.10:

PHP 4.3.10 fixed more than half a dozen known security problems, but it 
also contained a performance regression letting some scripts run slower 
by a factor of more than 50 (sic).

If your distribution gives you PHP 4.3.10 to fix the security problems 
and you use PHP4 on a busy server you have a big problem in such a 

> Jeff



       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

Reply to: