httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe Jr." <wr...@rowe-clan.net>
Subject Re: [VOTE] httpd-2.2.20 tarballs
Date Wed, 31 Aug 2011 16:48:39 GMT
On 8/31/2011 5:31 AM, Jim Jagielski wrote:
> 
> On Aug 31, 2011, at 4:38 AM, Plüm, Rüdiger, VF-Group wrote:
> 
>>
>> Let's see where we head with the regression report Stefan mentioned.
>> If it is really something that needs fixing we should go for 2.2.21
>> and fix the above issues as well.
> 
> Agreed… also, if this is such a concern, then Bill should update
> the release tools to req what he demands as the canon list
> of build tools that must be used and recall such concepts as
> "one cannot veto a release" (and other times when we pushed
> a security release out aggressively)

No veto - just expressed a preference that we don't wildly change
the build tools for a 'minimal change'.  If this were simply 2.2.20,
the latest and greatest release, I couldn't care less :)  Let folks
who encounter issues stay with 2.2.19.  It isn't my demand, just a
simple observation of what is in httpd-2.2.19.tar vs httpd-2.2.20.tar.

Somehow it's Wednesday, and none of the patch authors have actually
placed this critical security patch in either

https://dist.apache.org/repos/dist/release/httpd/patches/apply_to_2.2.20/
https://dist.apache.org/repos/dist/release/httpd/patches/apply_to_2.0.64/

If these are not patch-worthy, I highly doubt them to be release worthy,
so I'm afraid I don't have a lot of respect for this whole <24 hour
release process.  You are almost right, Jim, we've been aggressive with
our security releases, but _never_ with less than 24 hours of careful
consideration.


Mime
View raw message