[TYPO3-dev] security releases and regression issues

Jigal van Hemert jigal at xs4all.nl
Tue Oct 12 12:12:41 CEST 2010


Hi,

First of all, this thread is *not* to criticize anybody, but intended as 
a constructive discussion for improvements.

Recently we have had a couple of occasions where security releases 
contained regressions and thus an extra bugfix release was necessary 
shortly afterwards.

Some points to start with:

- a security release cannot have public tests because this would reveal 
the issue(s) which it tries to fix
- regression bugfix releases require site admins or agencies to update a 
lot of installations soon after a security release. These updates have 
impact in terms of time, money and resources
- a lot of releases in a short period of time can give several 
impressions: some will say that it is good that problems are solved so 
quickly, others may question the stability

Any ideas (as crazy as you like; sometimes crazy ideas inspire others to 
have very practical solutions) for some way to make regression issues 
less likely?
Will more unit tests and a continuous integration server help?
Tests by (core) developers with a non-disclosure contract?

-- 
Kind regards / met vriendelijke groet,

Jigal van Hemert
skype:jigal.van.hemert
msn: jigal at xs4all.nl
http://twitter.com/jigalvh



