What is a release?

Kurt Roeckx kurt at roeckx.be
Mon Mar 21 20:47:27 UTC 2016


On Mon, Mar 21, 2016 at 04:20:38PM -0400, Eric S. Raymond wrote:
> Mark Atwood <fallenpegasus at gmail.com>:
> > Speaking of which, the next cadence point release is going to be next
> > Tuesday, the day after tomorrow, while I will literally be standing before
> > the LF CII making the case for our work.   So, this is a really good time
> > to be doing work that merits entries in the NEWS file.
> 
> You'll be happy to hear that I've been doing exactly that, then.
> 
> I've forward-ported eight recent bug fixes from Classic; the entries
> are in the NEWS file.  Likely I'll get one or two more this evening.
> It'd be more, but I have a vicious cold just now and aren't 100%.
> 
> Things to emphasize to LF: these are bugs we inherited from Classic,
> and I'm able to focus on fixing them because we haven't introduced
> *any* of our own.  Zero.  Zip.  Nada.  (I just reviewed the issue
> tracker to verify this.)
> 
> So from the LF's point of view, the case for our work is that we
> have significantly hardened the code and reduced its bulk by over
> 50% while introducing zero new bugs.  Significant hardening can
> be measured by the fact that since the fork we've seen three CVEs go
> by that we dodged because we had already fixed the hole in question.

You can probobably add that people are still waiting for fixes of
the "reference implementation" for CVEs for which they have
released the details 5 months ago.

A few things that I think you can improve is a download link
somewhere on the website.  It would also be nice if you provide a
SHA256 sum of that, and that someone signs the release.


Kurt



More information about the devel mailing list