Reindl Harald wrote:
there should be placed diff-files for security fixes directly on the download-page they could be easily included in rpmbuild/spec-file if they are matching to the latest tar.bz2, but the current release process does not support this and forces users if they wanting their machines as secure as possible to grab in the VCS manually and hoping make no mistake by making this on their own - it is a hughe difference for a administrator innclude provided patches in a spec-file or deal with the whole php-source
Actually this is possibly another argument for a properly managed DVCS setup? On other projects I can pick critical commits and apply them, and it flags when other bits need to be implemented as well. Almost does away with the need to produce actual releases, but you do need to differentiate security fixes from simple 'improvements'?
-- Lester Caine - G8HFL ----------------------------- Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk// Firebird - http://www.firebirdsql.org/index.php -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
