Omar Adobe still has maintenance interest in previous releases...
http://www.adobe.com/support/security/bulletins/apsb11-25.html http://kb2.adobe.com/cps/915/cpsid_91544.html I'm not sure that skipping a point release ahead is enough elbow-room to prevent collisions. This is another reason I recommended the package name change... and resetting the version to 1.0. -- Rick Winscot On Wednesday, January 18, 2012 at 12:08 PM, Omar Gonzalez wrote: > Adobe has stated that JIRA issues with security problems would not be > ported to our JIRA. I think they are not porting those, obviously, because > then big gaping security holes would be out in the open that they probably > don't want the public to know about... I know the project's been donated, > but the 4.6 still bears the name Adobe Flex, and because their name is on > it they are going to continue to take the same kind of steps they've always > taken to safeguard security risks. > > Ideally, the patches to the 4.6.x security holes that Adobe might fix, or > anything else it patches, do make their way into our branch at some point. > But this is why I suggest that the Apache Flex version numbers start at > 4.7.x, so there is no confusion. Any hotfixes, patches and security holes > can be maintained for 4.6 versions by Adobe without them having to worry > about changes done in 4.7, and it'd be easier for us to merge those changes > from 4.6.10 or whatever to 4.7.0 and back up the chain... at least I think > it would be, someone might correct me on this. > > -omar
