[TYPO3-dev] security releases and regression issues
Jigal van Hemert
jigal at xs4all.nl
Tue Oct 12 12:12:41 CEST 2010
Hi,
First of all, this thread is *not* to criticize anybody, but intended as
a constructive discussion for improvements.
Recently we have had a couple of occasions where security releases
contained regressions and thus an extra bugfix release was necessary
shortly afterwards.
Some points to start with:
- a security release cannot have public tests because this would reveal
the issue(s) which it tries to fix
- regression bugfix releases require site admins or agencies to update a
lot of installation soon after a security release. These updates have
impact in terms of time, money and resources
- a lot of releases in a short period of time can give several
impressions: some will say that it is good that problems are solved so
quickly, others may question the stability
Any ideas (as crazy as you like; sometimes crazy ideas inspire others to
have very practical solutions) for some way to make regression issues
less likely?
Will more unit tests and a continuous integration server help?
Tests by (core) developers with a non-disclosure contract?
--
Kind regards / met vriendelijke groet,
Jigal van Hemert
skype:jigal.van.hemert
msn: jigal at xs4all.nl
http://twitter.com/jigalvh
More information about the TYPO3-dev
mailing list