On Thu, 5 Sep 2002, Aaron Bannert wrote: > On Thu, Sep 05, 2002 at 04:26:22PM -0700, Justin Erenkrantz wrote: > > aaa rewrite belongs in: > > > > 2.0: rbb, brianp, dreid, gstein, jim, rederpj, striker, trawick, > > ianh, gs, bnicholes > > 2.1: dpejesh, chris, aaron, hb > > > > If someone would like to do a release before I check in the aaa > > changes, I'd be game to hold off until Monday or Tuesday. > > > How long do you think it will take to get the auth changes stabilized > enough to make a GA-quality release? If this is more than about a week, > I *strongly* urge you to branch.
The argument would be that they would never be stabilized until they are in HEAD since few people will use them until then. > The worst thing that could happen would be to have us run into a > security problem that needs to be fixed right away. Without a branch > we would have to revert all the auth changes back to a working state > (you're going to make a tag anyway, right??), make the release, and then > stick it all back in again. That's much uglier than just doing a branch > in the first place. We can make a branch for a security release after the fact, either off the last release or off the pre-auth-change tag and then build a security-fix-only release off that branch.