+1 -1
For the 2nd point, note how I am always always lambasted for fixing a bug I haven't reproduced, and often for good reason (I deal with many stable production forks). Sometimes I catch bugs just by looking at source codes.
Be careful when applying patches to stable releases. Always be sure it won't destabilize the release. This holds true for any non-bug fixes, not just for security-related non-bug fixes. Jonathon Jacques Le Roux wrote:
Hi, This is the official vote thread about security issues and fixes in releases My proposition is to make a vote on 2 points Please vote for each points [+1] Yes [+0] I'm fine either way [-1] No 1. Do you vote for commiting the patch input-with-password.patch from Jira issue https://issues.apache.org/jira/browse/OFBIZ-1106 in release4.0 (please see thread <<release4.0: OFBIZ-1106 (in or out?)>> in dev ML for history) ? 2. Do you vote for, in general, commiting security fixes in releases ? Other examples of other security issues may be found from here : https://issues.apache.org/jira/browse/OFBIZ-178 Thanks Jacques
