On Wed, 22 Nov 2000, Ben Collins wrote: > > As a CD Vendor I have watched this thread with interest. The day that you > > release 2.2R2 there could be a major security hole announced that needs > > fixing. There could be another one the day I get the Cd's back from the > > replicator !! > > But there are security issues we know about *now*. I'm not assuming things > will happen, they already have, and the known issues need to be included.
Yes - but you have to cut off sometime, because while you are fixing and incorporating the fix for the known issue another issue will arise that you could hold the release for, and I see security issues and updates happening daily on all distributions ! I cant phone my replicator and say - hold those Debian Cd's, there's just been a major security hole found in xxx package. Once you say 'that is the release' then you cant afford to upset people by having another release in a couple of weeks or by saying 'dont use that release', but you have to issue the fixes as updates to that release. Regards Lance
