On 9/19/2016 9:20 AM, Pedro Giffuni wrote:
...
Given this is already late you should probably reconsider bringing in
some fixes to known bugs. If the idea is just that 4.1.3 = 4.1.2 +
CVE-2016-15-13, then it seems to be a huge waste of bandwidth for both
mirrors and end users.
All just IMHO,
...
From a bandwidth point of view, the end users are what matters - they
generate the tens of thousands of transfers. If we release 4.1.3 with
release notes and press releases that say what is in it, they can decide
for themselves whether to download or not. If we effectively combine
4.1.3 with 4.1.4 and delay it until we get more fixes in, the end users
don't get that choice.
In addition to the security fixes, in my view a major objective of 4.1.3
is to reestablish the ability to release AOO. The more often we produce
point releases, the better we will get at generating them, and the less
vulnerable we will be if a security issue needs to be fixed quickly.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org
