On Mon, Mar 06, 2017 at 01:19:00PM +0000, Daniel Shahaf wrote:
> I think there are two separate questions here:
>
> - Should we release alpha2
>
> - Should we release alpha3 with sha1 fixes
>
> I'm happy to join the consensus and +1 the latter. However, I also +1
> the former. I don't see a reason to hold alpha2: it is rolled, it is
> voted on, and being an alpha it comes with no compatibility strings
> attached. So I lean on the side on releasing alpha2 and indicating in
> the release announcement (the mail to announce@ and the index.html
> blurb) and an alpha3 is expected within ${timeframe} that will include
> sha1 fixes.
Yes, we could do this, but...
The alpha release should be very attractive so that people will be
inclined to test it. Release announcements are the largest part of
our communication to the public. I believe the public is waiting for
SHA1 fixes from us because that problem was the latest thing they saw
in the news. An outdated alpha 2 release today would seem disappointing
compared to an alpha 3 next month which contains the same nice things
and contains SHA1 fixes, too.
> > Apart from the server-side fix(es), I was under the impression that
> > the working copy also needed fixing (being able to store collisions in
> > the pristine store), and perhaps the ra_serf protocol?
>
> And 'svnadmin load' — but why should we wait for all these to be
> written? It's not a release candidate, it's just an alpha, and we do
Agreed that for an alpha it does not matter how many SHA1 issues we fix.
But I hope we can manage to provide a set of fixes in the next 1.8/1.9
patch releases to eliminate most concerns users may have about SHA1 issues.
The fact that 'svnadmin load' breaks if someone manages to commit these
PDF files makes me nervous because many users rely on 'svnadmin load' to
restore backups. SVN's reliability track record is a very strong selling
point and we should not gamble with that.
> have features that we want users to test (stsp's conflicts work).
We don't need these test results tomorrow. Within the next 2 or 3 months
works just fine. I think the SHA1 issues require more immediate attention
because they negatively affect the public's perception of Subversion.
The conflict code won't run away and will improve over time in any case.
