1) I agree with the commented flaw in this release. Next time, we should do a security release from the previous tag; this is even easier because we won't need to release an RC.

2) In any case, we have released an RC that reduces the chances of having regressions. The e-mail you pointed to is not really a regression, but the result of fixing an HTML safety issue in Rails.

3) I disagree that Rails Core should provide monkey patches for security releases, except in the cases where it is the only option. Rails provides the ability to be vendored exactly so you can apply important patches, like the ones in security releases. If someone wishes, for a reason completely external to Rails, to not vendor it, we cannot and should not be responsible for supporting it.

This also applies to those who decidedly do not upgrade their Rails versions when tiny versions are released. We cannot and should not support all Rails versions released.

As you already said, there is *a lot* of effort in doing a Rails Security Release. We provide patches not only for 3.0.x, but also 2.1.x, 2.2.x and 2.3.x. Asking for monkey patches because a small niche prefers to not vendor or update their Rails versions is missing the big picture and the amount of effort that is already put into a security release.

Finally, I appreciate your effort on proposing suggestions to the release process. I also want to thank Koz for doing those extremely important security releases.

On Feb 10, 5:22 pm, fowlduck <[email protected]> wrote:
> All that and I forgot to mention that the flaw in the release process
> was that this wasn't provided along with the patches. I propose that
> security releases in the future include a file to monkey-patch the fix
> into a reasonable number of previous patch releases. Maybe for
> releases back to patch 0 of the current minor release?
