[TYPO3-core] Combining security and bugfix releases

Christian Lerrahn christian.lerrahn at cerebrum.com.au
Mon Dec 19 03:37:33 CET 2011


Hi guys,
I've decided to dare publicly questioning the choice to make 4.5.9 a
combined bugfix and security release here. I was rather worried
when I saw that this was the case because I believe that security
releases should never take their chances of breaking things unrelated
to the security problem.

The bug obviously introduced in version 4.5.9 which was reported at
http://forge.typo3.org/issues/32625 seems to prove my point. Now, in
this bug's case, it can just be worked around via suitable
configuration but what if it had been a total show stopper? There would
have had to be a new release and people would have had to update again.

I believe that if the release manager feels like publishing bugfixes
along with a security related release, two releases should be issued in
one day. That way, the conservative admin can go for the first one
which only fixes the security problem and the the more daring one can
take his chances with the second one which adds the bugfixes.

Well, this is just my five cents worth and I'm happy for people to
comment and tell me why I'm totally and utterly wrong to hold such an
opinion. ;)

Cheers,
Christian



More information about the TYPO3-team-core mailing list