On 9/19/2016 9:20 AM, Pedro Giffuni wrote:
Given this is already late you should probably reconsider bringing in
some fixes to known bugs. If the idea is just that 4.1.3 = 4.1.2 +
CVE-2016-15-13, then it seems to be a huge waste of bandwidth for both
mirrors and end users.

All just IMHO,

From a bandwidth point of view, the end users are what matters - they generate the tens of thousands of transfers. If we release 4.1.3 with release notes and press releases that say what is in it, they can decide for themselves whether to download or not. If we effectively combine 4.1.3 with 4.1.4 and delay it until we get more fixes in, the end users don't get that choice.

In addition to the security fixes, in my view a major objective of 4.1.3 is to reestablish the ability to release AOO. The more often we produce point releases, the better we will get at generating them, and the less vulnerable we will be if a security issue needs to be fixed quickly.

To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org

Reply via email to