I also run web2py in production, but I also don't upgrade my web2py version with the latest release (unless it is a security release). I usually stay 2-3 versions behind on my production code... sometimes even older code unless there is a security release OR I want some new functionality.
The biggest thing is we need tests, the second thing is we need people to test on the nightly builds or against trunk. Thing is, web2py community is not yet big enough for people to just test for the heck of it, most won't even upgrade unless a new version is posted, so that is why alot of these "bugs" don't get caught until a release, just a simple matter of not having enough people to test and not having proper unit tests in place. -- Thadeus On Mon, May 17, 2010 at 10:38 PM, mdipierro <[email protected]> wrote: > You raise an excellent point. > > So far the only security bug was the one reported a few months ago. > 1) Yet we do need a mechanism for reporting this kind of problems. > > 2) We also need a team of volunteers committed to check nightly built > the week before release. So far very people check the nightly built. > > 3) Definitively we need more tests about features in place to avoid > that new features break old features. > > Bugs in new features are going to happen no matter what but that is > not a serious issue. > > Massimo > > > On May 17, 10:00 pm, Kevin Bowling <[email protected]> wrote: >> I'm going to take a stab in the dark and venture to say that I'm not >> the only one using web2py in a "production" environment (i.e. people >> other than me are accessing the app) :-P >> >> It seems that with many recent releases there are rather embarrassing >> bugs. The worst was several months ago when authentication was >> completely disabled. >> >> Can we adopt a strategy to minimize these potential disasters? A >> sufficient beta channel would do the trick, and a tightening of what >> is acceptable as a release build. >> >> Also, how about a security channel so we know when an old version is >> unsafe and upgrades are mandatory? Is there any statement on this >> already? >> >> Regards, >> Kevin >
