httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: [VOTE] Release Apache httpd 2.4.0
Date Tue, 17 Jan 2012 11:37:27 GMT
On 17 Jan 2012, at 7:01 AM, William A. Rowe Jr. wrote:

> To further elaborate...
> 
> https://dist.apache.org/repos/dist/release/httpd/patches/
> 
> * contains nothing to protect adopters of our beta since 2.3.5
> 
> * contains few of the patches necessary to close issues since 2.2.21

I don't see how any of this has anything to do with this release at all.

The patches directory should be used to publish security patches when those security patches
are committed, not at some arbitrary future date when a release is made, and it seems that
this hasn't been done. Fixing this to me seems trivial, go through the CHANGES file, identify
the entries marked SECURITY, and upload each patch to the patches directory to catch up. Shouldn't
take long to do at all.

Then, add a message to the top of the CHANGES file explaining to future committers that security
patches should be sorted at the top, and committed to https://dist.apache.org/repos/dist/release/httpd/patches/,
so that contributors to this project actually know this is expected, and end users know where
to look.

Regards,
Graham
--


Mime
View raw message