And I think it is also good to state in the mail-announcement and in the
jakarta website that the b2 have such security vulnerability when b3 is
rolled out.
Punky
----- Original Message -----
From: "Craig R. McClanahan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 03, 2001 7:38 AM
Subject: Re: Tomcat 4.0-beta-2 Security Vulnerability
>
>
> On Mon, 2 Apr 2001, Mel Martinez wrote:
>
> >
> > --- "Craig R. McClanahan" <[EMAIL PROTECTED]> wrote:
> > >
> > > I suggest that we create a revised version of beta
> > > 2, clearly labelled so
> > > that people will know whether they have the
> > > corrected version or not --
> > > and we should do this immediately (like today) to
> > > minimize the number of
> > > people who end up downloading twice.
> > >
> > > I suggest we call the updated version "Tomcat
> > > 4.0-beta-2-update-1" or
> > > something like that.
> > >
> > > Comments? Votes?
> > >
> >
> > I vote you just call it "Tomcat-4.0-beta-3". I don't
> > recall ever being told there were limits to the number
> > of betas one can produce. :-) I believe that a new
> > beta number is justified by any significant bug fix or
> > fixes and a security hole is definitely significant,
> > even if the code change may be tiny.
> >
> > By labeling it 'beta-3' it is CLEARLY the latest build
> > and CLEARLY newer than beta-2.
> >
>
> Makes sense to me. "Beta 3" it is.
>
> > fwiw,
> >
> > Dr. Mel Martinez
> > G1440, Inc.
> >
>
> Craig
