incubator-flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Winscot <rick.wins...@gmail.com>
Subject Re: jira task to decide on Apache Flex version number needed
Date Wed, 18 Jan 2012 17:29:04 GMT
Omar

Adobe still has maintenance interest in previous releases...

http://www.adobe.com/support/security/bulletins/apsb11-25.html

http://kb2.adobe.com/cps/915/cpsid_91544.html 

I'm not sure that skipping a point release ahead is enough elbow-room to prevent collisions.
This is another reason I recommended the package name change... and resetting the version
to 1.0. 

-- 
Rick Winscot


On Wednesday, January 18, 2012 at 12:08 PM, Omar Gonzalez wrote:

> Adobe has stated that JIRA issues with security problems would not be
> ported to our JIRA. I think they are not porting those, obviously, because
> then big gaping security holes would be out in the open that they probably
> don't want the public to know about... I know the project's been donated,
> but the 4.6 still bears the name Adobe Flex, and because their name is on
> it they are going to continue to take the same kind of steps they've always
> taken to safeguard security risks.
> 
> Ideally, the patches to the 4.6.x security holes that Adobe might fix, or
> anything else it patches, do make their way into our branch at some point.
> But this is why I suggest that the Apache Flex version numbers start at
> 4.7.x, so there is no confusion. Any hotfixes, patches and security holes
> can be maintained for 4.6 versions by Adobe without them having to worry
> about changes done in 4.7, and it'd be easier for us to merge those changes
> from 4.6.10 or whatever to 4.7.0 and back up the chain... at least I think
> it would be, someone might correct me on this.
> 
> -omar 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message