[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-httpd-dev
Subject:    Re: [VOTE] httpd-2.2.20 tarballs
From:       "William A. Rowe Jr." <wrowe () rowe-clan ! net>
Date:       2011-08-31 16:48:39
Message-ID: 4E5E65E7.90103 () rowe-clan ! net
[Download RAW message or body]

On 8/31/2011 5:31 AM, Jim Jagielski wrote:
> 
> On Aug 31, 2011, at 4:38 AM, Plüm, Rüdiger, VF-Group wrote:
> 
>>
>> Let's see where we head with the regression report Stefan mentioned.
>> If it is really something that needs fixing we should go for 2.2.21
>> and fix the above issues as well.
> 
> Agreed… also, if this is such a concern, then Bill should update
> the release tools to req what he demands as the canon list
> of build tools that must be used and recall such concepts as
> "one cannot veto a release" (and other times when we pushed
> a security release out aggressively)

No veto - just expressed a preference that we don't wildly change
the build tools for a 'minimal change'.  If this were simply 2.2.20,
the latest and greatest release, I couldn't care less :)  Let folks
who encounter issues stay with 2.2.19.  It isn't my demand, just a
simple observation of what is in httpd-2.2.19.tar vs httpd-2.2.20.tar.

Somehow it's Wednesday, and none of the patch authors have actually
placed this critical security patch in either

https://dist.apache.org/repos/dist/release/httpd/patches/apply_to_2.2.20/
https://dist.apache.org/repos/dist/release/httpd/patches/apply_to_2.0.64/

If these are not patch-worthy, I highly doubt them to be release worthy,
so I'm afraid I don't have a lot of respect for this whole <24 hour
release process.  You are almost right, Jim, we've been aggressive with
our security releases, but _never_ with less than 24 hours of careful
consideration.

[prev in list] [next in list] [prev in thread] [next in thread]