[TYPO3-core] Combining security and bugfix releases

[Michael Stucki]

Hi guys,

Am 20.12.2011 19:55, schrieb Steffen Gebert:
> As already said: Usually everything is reviewed - except very few sub
> parts of the core (like htmlarea) for which the maintainer has the
> permission to directly merge, as there would be hardly no reviewer
> available who knows that code.
> So if we would have more people interested in maintaing htmlarea or
> those sub parts, this might not have been happened. Still, there's the
> lack of manpower to do it better.
> 
> Of course, regressions in security releases suck badly - but I guess
> there's no royal road - except more automated tests, more reviewers,
> more .. - more man power!

I fully agree with this. Don't forget that even a security fix might
introduce a regression.

Actually there should never be any regressions, every single occurence
is one too much. Any branch (including the master branch!) should remain
stable at any time, and if we try to work around this, then we basically
make it easier to add even more regressions in the future.

IMHO the important point is that IF a regression occurs, that it will be
fixed quickly (e.g. within 2 days max).

What do you think?

- michael

-- 
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/