curl-library
Re: A case for a branch and follow-up release?
Date: Thu, 23 Apr 2015 22:35:42 +0200
On Thu, Apr 23, 2015 at 10:19:28AM +0200, Daniel Stenberg wrote:
> We released 7.42.0 roughly 24 hours ago. Things that have happened since:
>
> 1. A build problem with debug enabled.
> Fix: https://github.com/bagder/curl/commit/1fd33e3e
>
> 2. A build problem when built without SSL.
> Fix: https://github.com/bagder/curl/commit/85c45d15 (almost, that commit is
> a follow-up to the previous one so in reality you're better off applying
> both)
>
> 3. A security issue was posted publicly in our bug tracker. This particular
> issue was already known to us and we were working in private to announce an
> advisory and fix in the next release.
>
> I'm now soliciting comments and ideas.

I can recall a handful of releases in the past where some pretty significant
build or other breakages were discovered in the hours after a release. I
suggest three procedural changes:

1) A total freeze for 24h before the release to wait for a successful run of
autobuilds. This isn't ideal when the release includes security fixes, but this
isn't the first time that a last-minute security patch has caused big build
breakages.

2) Extending the feature freeze until 48h after a release is made to make a
re-release easier.

3) Convince someone to run an autobuild from the daily tarball instead of git.
I used to do this for all my autobuilds (and it caught a number of problems of
files from the tarballs) but switched to git when switching to a new build
machine.

>>> Dan
Received on 2015-04-23