On Thu, Sep 05, 2002 at 05:21:34PM -0700, Greg Stein wrote: > Quite simple, actually. You put the developers in definite pain by making > them branch, compared to a *potential* pain of a branch for a security fix. > > "pain" being arguable, of course -- it all depends upon people's aversion to > CVS branches. But there is real pain in the sense that a person will be > working by themselves, rather than in the trunk where others will verify > the work being completed. > > And in any case, a branch for a security fix will most likely be done > against the 2.0.40 tag, rather than the head. People are going to patch > against 2.0.40, if anything. > > > And, honestly, I think people are simply way to frickin' scared here. You > should stop and look at the patches that Dirk and Justin have written and > are proposing. There is existing code for this. It is mostly *other* people > who are talking about destabilizing. Not Justin.
The way I see it, Justin is asking for an exception to the rule. The only reason in my mind that this exception was even considered was because it seems logical that we use CVS for what it's good at -- cooperative development. Under normal circumstances I would simply expect the proposed changes to be written up in a patch, posted to the list, reviewed and, if they seem to do their job, committed. Since the full-featured patch hasn't been posted, I have only to assume that this will immediately break the server until they get around to fixing it. I think my stance has been quite reasonable, in that if that destabilizing period is expected to go on for over a week, that the developers interested in this please make a branch. If they do not wish to do this, then they're going to have to follow the normal rules of development here, and do the development on their own and only commit it once they believe it to be correct. -aaron