On Wed, Aug 31, 2011 at 2:19 PM, Postmann Michael RBS sIT <[email protected]> wrote:
> I'm using GNU Parallel on a production system.

Good to hear.

> For me it's vital to know if an update closes (possible) security holes,
> fixes some bugs or only has feature improvements.

Makes sense.

> On a production system it's a lot of overhead to update software as it needs
> to be tested before and there is always the risk of something not working,
> either during deployment or due to a new bug in the software itself, so the
> goal is to update only if there is a known security hole or if the bug
> affects a feature we use.
>
> So I would be grateful if you could at least state "This is a security
> update" or "This is just a bugfix/feature release" in your release mails
> because "Bug fixes and man page updates" is not specific enough to answer
> that question.

GNU Parallel can be installed as a normal user simply by copying the perl script. It requires no extra privileges to run. Thus I have yet to see a bug that had any security implications. If that should ever happen (which I simply cannot imagine how) I promise to stress that in the release notes.

The closest we have been to a security bug was that --trc could not return files that had ' ' in them. And in my book that does not qualify as a security bug: You might lose data if you depended on it working - just like you might lose data due to other bugs.

Currently there is no funding for maintaining two separate branches: "bug fix" and "new features". So bug fixes go into the newest version, which also has new features that may be buggy.

The man page will give you an indication of what code has been touched recently: If the option says 'alpha testing' it means that this code was touched in this release. If the code says 'beta testing' the code was touched in last release. Code that has not been touched for 2 releases is regarded as production quality and not marked as testing.

So if some features are critical to you, you may want to read the man page for each release and hold off for 2 releases if the critical features have been touched.

Every release has to pass a test suite before being released. So old bugs should never creep back in (at least not if the bugs are testable).

/Ole
