
Re: Stable Release plan



lance wrote:
> On Thu, 19 Apr 2001, Martin Schulze wrote:
> 
> > lance wrote:
> > > On Thu, 19 Apr 2001, Martin Schulze wrote:
> > >
> > > > Considering how stable releases were handled recently or better how
> > > > they weren't handled properly with regards to our duty to our users,
> > > > my plan is to release a new point release of stable about every one to
> > > > two months.  I'll continue to prepare releases and help our
> > > > ftp-masters with this.
> > > >
> > > > Having said that, I'm already preparing 2.2r4 so it could be released
> > > > around mid of May: http://people.debian.org/~joey/2.2r4/
> > >
> > > As a CD vendor - please try to keep a minimum time between point releases
> > > - say 3 months ??
> >
> > No.  Three months is too much.  Please burn & sell the current point
> > release.  People who take care of security have to update anyway.  They
> > can get their updates from the net.  If they don't care, the n-1, n-2
> > point release is fine for them.
> 
> I think you have missed my point - we don't burn gold disks - we press
> 6 CD sets of Debian. It takes 2 weeks to get the disks pressed. If we only
> have 2 weeks to sell them it will not be viable.

I'm awfully sorry, but I believe that you missed my point.  Maybe I
didn't manage to express my opinion.  From my point as Security
Officer (and this is my main concern to work on the point releases) it
is unacceptable to wait that long.  We already have a working
compromise that security.debian.org contains all updates, even before
a new point release was made.  However regular updates are required to
release a (more or less) secure distribution.

It is not acceptable to hold back security updates only because it
hurts cd vendors who don't see that they have enough time between the
point releases to sell their cds.  I agree that the Security point of
view doesn't match the Selling point of view.

Having point releases that are stable and don't get updated
wrt. security is already considered a problem.  We are knowingly
releasing software with known security issues.  This is quite bad.

People who order a CD can only get the most recent snapshot from the
time the cd was created.  Like I said, if they need an up-to-date
system, they'll use apt-get over the network anyway.  If they don't,
they don't need to and the CD alone is everything they need.

> People who order cd's want the latest release - 2.2r2 6 CD sets are
> virtually worthless once 2.2r3 has been released, and if we sent them to
> people with a note saying that they can upgrade from the net then we would
> get them back very quickly indeed !!

Then, and I'm sorry for being rude, you should not sell any cd with
free software.  The release cycle of free software is amazing.  Only
one month later a lot is out-dated.  This is one of the advantages,
since security issues get updated very quickly, unlike commercial
proprietary software.

Since point releases mostly only update security problems, about 95%
of a new point release is the same as the former one.  Thus updates
don't require large uploads etc. (ok, this is different for r3 since
X and Kernel were updated and no point release was made for months)

> All I am asking for is enough time to make a reasonable effort at making
> and shipping the version before the next version is released. If you want
> to have interim releases with minor fixes - why not call them 2.2r3.1 etc

Sorry, but that's plain bullshit.

What's the difference between 2.2r2 and 2.2r3?  It's a patch level, only
a revision.  We could as well call it 2.3 just to annoy cd vendors.
In fact, we had 1.3 and 1.3.1 as the next point release which confused
people.  That's why we have decided to add the ``r<n>'' revision
suffix to the version.

Regards,

	Joey

-- 
Life is too short to run proprietary software.  -- Bdale Garbee


