cURL / Mailing Lists / curl-library / Single Mail


Re: A case for a branch and follow-up release?

From: Dan Fandrich <>
Date: Thu, 23 Apr 2015 22:35:42 +0200

On Thu, Apr 23, 2015 at 10:19:28AM +0200, Daniel Stenberg wrote:
> We released 7.42.0 roughly 24 hours ago. Things that have happened since:
> 1. A build problem with debug enbabled.
> Fix:
> 2. A build problem with built without SSL.
> Fix: (almost, that commit is
> a follow-up to the previous one so in reality you're better off applying
> both)
> 3. A security issue was posted public in our bug tracker. This particular
> issue was alredy known to us and we were working in private to announce an
> advisory and fix in the next release.
> I'm now soliciting comments and ideas.

I can recall a handful of releases in the past where some pretty significant
build or other breakages were discovered in the hours after a release. I
suggest three procedural changes:

1) A total freeze for 24h before the release to wait for a successful run of
autobuilds. This isn't ideal when the release includes security fixes, but this
isn't the first time that a last-minute security patch has caused big build

2) Extending the feature freeze until 48h after a release is made to make a
re-release easier.

3) Convince someone to run an autobuild from the daily tarball instead of git.
I used to do this for all my autobuilds (and it caught a number of problems of
files from the tar balls) but switched to git when switching to a new build

>>> Dan
List admin:
Received on 2015-04-23