Thank you Prem for the explanation. I do understand it now. However, I'd kindly like to raise a point. In the documentation for the "patch" number, it says: "Only bug fixes, no API changes, no new features. Except as necessary for security fixes." I'm being extremely technical and specific, so bear with me :)
1. As long as you're releasing a new version of software, there is a risk that something somewhere will break. It's hard (if not impossible) to guarantee that the software will run as expected after an upgrade, even if the change is a single line of code. 2. According to the description for the patch version number, upgrading from rails A.B.C to A.B.(C+N) should work as expected unless it's absolutely necessary to break things due to security fixes. Based on this, in this case, I think doing 6.0.3 or 6.0.2.1 should technically mean the same thing. I know it's "just a version number" and I might be overthinking this, but for some reason this made me feel a little bit weird. As you said, adding this to the guides might make me "at peace" (if there's anything I could do I'd be happy to provide some help). Again, thanks for hard work. On Tuesday, December 24, 2019 at 5:45:00 PM UTC+3, Prem Sichanugrist wrote: > > Hello Abdullah, > > The reason that Rails Core Team did 6.0.2.1 and not 6.0.3 because 6.0.2.1 > is pretty much a forked branch out of 6.0.2 with a security patch applied > on top of it. > > In the past, the patched version came off a stable branch (such as > 6-0-stable) and contain other changes that had unintended consequence such > as uncaught regression, breaking the applications and people had to > monkey-patch their Rails to get the security fix in instead of able to just > upgrade to the new version. > > I believe this approach is the best of both world, as if you were on 6.0.2 > you can be sure that your app should still work after upgrading to 6.0.2.1 > as they are pretty much the same. > > Maybe we need to add more documentation about the security version to our > guides, if we are missing the explanation on why we are doing it this way. > > I hope this help. > > -Prem > > > > On Tue, Dec 24, 2019 at 11:10 PM Abdullah Esmail <abdulla...@gmail.com > <javascript:>> wrote: > >> Hello there, >> First I would like to thank the core team for the amazing work they've >> been doing. >> It's amazing to see how stable and mature rails has become year over year. >> >> With the latest release, currently 6.0.2.1, I was trying to figure out >> why it was 6.0.2.1 and not 6.0.3. >> Looking at the guides, I did not find what the ".1" after the tiny >> version means. >> >> However, I remember a few years back reading something about it being for >> unplanned severe security releases or something like this. >> Still, personally I still feel like it's easier to increase the tiny >> version instead of adding an additional part. >> >> This is just how I feel. If there is an explanation of the current >> versioning that I'm missing, please let me know. >> >> Thank you so much for this amazing framework. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ruby on Rails: Core" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to rubyonra...@googlegroups.com <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/rubyonrails-core/8602d8ea-f5fa-4dc9-a9b2-5cb50c991a1c%40googlegroups.com >> >> <https://groups.google.com/d/msgid/rubyonrails-core/8602d8ea-f5fa-4dc9-a9b2-5cb50c991a1c%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-core+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-core/9c8d0ab3-01a8-41d8-acb1-85bb18d11d02%40googlegroups.com.
