[TYPO3-dev] Actual changes in security releases of extensions

Georg Ringer typo3 at ringerge.org
Wed Oct 2 11:35:03 CEST 2013


Hi,

On 02.10.2013 11:17, Lorenz Ulrich wrote:
> Other than the core, not all extension maintainers have reliable change
> logs or use a VCS, therefore it can be impossible to see what actually
> changed. This becomes a problem when one cannot update to the security
> release because an installation depends on an older major version of an
> extension that isn't compatible with the current major version.

You can then ask the extension author if he wants to support older
versions of the extension, which would make it easier to update.

The security team has no plans to add diff files to the bulletins.
A personal opinion: I doubt that this would improve the quality of
extensions in the community as you have then patched versions in the
wild. What happens if another or third bulletin is published about the
same extension? You don't know anymore if you are affected or not, ...

What I plan is to improve the service Philipp Bergsmann and I have
written to move TER extensions to GitHub automatically. There you then
have the changelog as well. See https://github.com/typo3-ter

Georg


