Re: join us!

To: "Dave Sherohman" <esper@sherohman.org>
Cc: <johno@cruithne.org>, "Ben Collins" <bcollins@debian.org>, <debian-user@lists.debian.org>
Subject: Re: join us!
From: "Kurt Seifried" <seifried@securityportal.com>
Date: Thu, 31 Aug 2000 10:03:59 -0600
Message-id: <008501c01365$133a8200$6900030a@seifried.org>
Reply-to: "Kurt Seifried" <seifried@securityportal.com>
References: <E13UWaD-0002FF-00@pchan>

> Personally, when I see "1.2.0pre10-4", I think, "This is not the same as
the
> original/base 1.2.0pre10."  Depending on how the numbering is implemented,
it
> has been updated 3 or 4 times since the original 1.2.0pre10.  So I would
not
> expect it to have the same bugs.

So did you fix the root hack in pre10, the DOS in rc1, or the typo in the
install script? Oh yeah, I gotta read the changelog to find out,
wheep.Making major changes to software (plugging root hacks counts I
think....) and not modifying the software revision (ok, the Debian package
number is revised, but that means nothing unless you read the changelog) is
just a bad idea. Also when the main change in a software package is bug
fixes and not feature additions I think it might be sane to upate the
package, As for Apache, 1.3.12 has been out 6+ months, freezing software and
using a version much older doesn't make much sense to me (and let's face it,
some software packages, like Apache, do an extremely good QA job and
generally don't ship broken stuff, OTOH big billy bobs irc client version
.34 is another story).

> > As for the "code freeze", well the code is NOT frozen if Debian is
> > backporting changes into it, Apache 1.3.9 as shipped by Debian for
example
> > is more like a 1.3.9 sortof 10/11/12 but not really. While the argument
"we
> > are not adding new features" can be used, the fact of the matter is that
> > Debian is making (in some cases significant) changes to code that
changes
> > behaviour (like fixing root hacks, cross site scripting vulnerability,
> > whatever).
>
> Would you be more comfortable if it were called a "feature freeze"?

Yup. And for gods sake, document it somehwere that you need to read the
changelogs. I've actually gotten several emails from smart Linux people
(i.e. people that also write/manage online Linux related publications) going
"hey, that's news to me too". I am not going to sit down and read /usr/doc/*
just on a whim, neither are most users or even people trying to do a review
(i.e. I wouldn't mind seeing you guys writing a review of say TurboLinux =).

> Dave

-Kurt

Reply to:

Follow-Ups:
- Re: join us!
  - From: Ben Collins <bcollins@debian.org>
- Re: join us!
  - From: Bob Bernstein <poobah@ruptured-duck.com>

References:
- Re: join us!
  - From: Dave Sherohman <esper@sherohman.org>

Prev by Date: Re: lynx gone mad!
Next by Date: IRC proxying
Previous by thread: Re: join us!
Next by thread: Re: join us!
Index(es):
- Date
- Thread