[TYPO3-core] Combining security and bugfix releases

Björn Pedersen pedersen at frm2.tum.de
Wed Jan 4 11:02:06 CET 2012


Am 04.01.2012 10:41, schrieb Rik Willems:
> 
>> In regards to the process making it hard to have security updates
>> decoupled from the bugfix, I think I don't quite understand. Why does a
>> security release have to be a snapshot of the source tree? Wouldn't it
>> be much easier to take the security patch, apply it to the latest
>> release and then release that patched version as the security fix
>> release? In fact, that way you could even release the patch by itself
>> as well, so people can choose to download just the patch instead of
>> downloading a new source tree which is 99% the same as the one they
>> already have.
> 
> This was my thought exactly when reading the discussion. Are there any
> arguments against this way of working?
> 
> Cheers! Rik

Well, the main problem is, that you double  the amount of testing that
has to be done: The security fix then has to be tested on both  the
sec-release (based on the last released version) and on the bugfix
branch version as well. And if there is a changes on the same code part,
then it gets even more complicated. So it is partly a problem of man
power, as the testing has to be done by someone.

Björn



More information about the TYPO3-team-core mailing list