On 8/31/2011 5:31 AM, Jim Jagielski wrote: > > On Aug 31, 2011, at 4:38 AM, Plüm, Rüdiger, VF-Group wrote: > >> >> Let's see where we head with the regression report Stefan mentioned. >> If it is really something that needs fixing we should go for 2.2.21 >> and fix the above issues as well. > > Agreed… also, if this is such a concern, then Bill should update > the release tools to req what he demands as the canon list > of build tools that must be used and recall such concepts as > "one cannot veto a release" (and other times when we pushed > a security release out aggressively)
No veto - just expressed a preference that we don't wildly change the build tools for a 'minimal change'. If this were simply 2.2.20, the latest and greatest release, I couldn't care less :) Let folks who encounter issues stay with 2.2.19. It isn't my demand, just a simple observation of what is in httpd-2.2.19.tar vs httpd-2.2.20.tar. Somehow it's Wednesday, and none of the patch authors have actually placed this critical security patch in either https://dist.apache.org/repos/dist/release/httpd/patches/apply_to_2.2.20/ https://dist.apache.org/repos/dist/release/httpd/patches/apply_to_2.0.64/ If these are not patch-worthy, I highly doubt them to be release worthy, so I'm afraid I don't have a lot of respect for this whole <24 hour release process. You are almost right, Jim, we've been aggressive with our security releases, but _never_ with less than 24 hours of careful consideration.
