Re: Current 2.2r2 status
On Wed, 22 Nov 2000, Ben Collins wrote:
> > As a CD Vendor I have watched this thread with interest. The day that you
> > release 2.2R2 there could be a major security hole announced that needs
> > fixing. There could be another one the day I get the Cd's back from the
> > replicator !!
> But there are security issues we know about *now*. I'm not assuming things
> will happen, they already have, and the known issues need to be included.
Yes - but you have to cut off sometime, because while you are fixing and
incorporating the fix for the known issue another issue will arise that
you could hold the release for, and I see security issues and updates
happening daily on all distributions !
I cant phone my replicator and say - hold those Debian Cd's, there's just
been a major security hole found in xxx package.
Once you say 'that is the release' then you cant afford to upset people
by having another release in a couple of weeks or by saying 'dont use that
release', but you have to issue the fixes as updates to that release.