httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Stein <>
Subject Re: [TALLY] aaa rewrite
Date Fri, 06 Sep 2002 00:21:34 GMT
On Thu, Sep 05, 2002 at 04:51:56PM -0700, Aaron Bannert wrote:
> > We can make a branch for a security release after the fact, either
> > off the last release or off the pre-auth-change tag and then build
> > a security-fix-only release off that branch.
> Why would we branch for a security fix in lieu of just branching
> a sandbox for the auth developers to play in -- in the first place?

Quite simple, actually. You put the developers in definite pain by making
them branch, compared to a *potential* pain of a branch for a security fix.

"pain" being arguable, of course -- it all depends upon people's aversion to
CVS branches. But there is real pain in the sense that a person will be
working by themselves, rather than in the trunk where others will verify
the work being completed.

And in any case, a branch for a security fix will most likely be done
against the 2.0.40 tag, rather than the head. People are going to patch
against 2.0.40, if anything.

And, honestly, I think people are simply way to frickin' scared here. You
should stop and look at the patches that Dirk and Justin have written and
are proposing. There is existing code for this. It is mostly *other* people
who are talking about destabilizing. Not Justin.


Greg Stein,

View raw message