On Jan 18, 2007, at 9:35 AM, Jeremy Dunck wrote:


On 1/17/07, Adam Seering <[EMAIL PROTECTED]> wrote:
...
We're not eager to use the SVN HEAD version of source on our main
servers.  The Django API-change docs are good, but not that good; we
have had code break unexpectedly in the past after "svn up"'s, and
that just makes us sad when it happens.

While I understand that reasoning, you may want to take something
closer to trunk for now, and regularly have an update/test cycle in
dev.  0.95 was 6 months ago, nearly 900 revs.

Perhaps we should have an 0.95 bugfix branch, and backport this issue to it.

This does seem to be the common practice in such frameworks; this is, after all, the purpose of a release: It's a fairly stable codebase that will be maintained for an extended period of time, with bug fixes / security patches / etc. Otherwise, you could just tell people to check out a particular SVN version, or have nightly tarballs or something.

If you don't do that, I really think that Django should add a section to its download page: "This release version has a list of known security bugs. <possibly insert list here> Please download patches for them." This, of course, is highly awkward. Then again, isn't distributing "release" code with known and fixed security holes, also awkward?

Thanks,
Adam
