On Thu, 5 Sep 2002, Aaron Bannert wrote:

> On Thu, Sep 05, 2002 at 04:26:22PM -0700, Justin Erenkrantz wrote:
> > aaa rewrite belongs in:
> >
> > 2.0: rbb, brianp, dreid, gstein, jim, rederpj, striker, trawick,
> >      ianh, gs, bnicholes
> > 2.1: dpejesh, chris, aaron, hb
> >
> > If someone would like to do a release before I check in the aaa
> > changes, I'd be game to hold off until Monday or Tuesday.
>
>
> How long do you think it will take to get the auth changes stabilized
> enough to make a GA-quality release? If this is more than about a week,
> I *strongly* urge you to branch.

The argument would be that they would never be stabilized until they
are in HEAD since few people will use them until then.

> The worst thing that could happen would be to have us run into a
> security problem that needs to be fixed right away. Without a branch
> we would have to revert all the auth changes back to a working state
> (you're going to make a tag anyway, right??), make the release, and then
> stick it all back in again. That's much uglier than just doing a branch
> in the first place.

We can make a branch for a security release after the fact, either
off the last release or off the pre-auth-change tag and then build
a security-fix-only release off that branch.

Reply via email to