Hash: SHA1

Marc Balmer wrote:
> Andreas Jung wrote:
>> I uploaded corrected versions of the Zope 2.9.7 and 2.10.3 tar-balls.
>> The tar-balls released yesterday contained a bug that caused
>> a startup failure when using "zopectl start".
> don't do this again.

Don't do what?  I was about to agree, as I don't think re-releasing
under the same version number was correct:  the new releases should be,, or something similary (or bump to 2.9.8, 2.10.4).

> this bug is so obvious to catch that I have some serious doubts about 
> your software testing process.  are you releasing totally untested code? 
>   can we trust your releases in the future, will you change sth in your 
> process?

The testing that gets done is not done from "released" tarballs, but
from subversion checkouts.  This was a bug in the process that created
the tarball from a checkout, and not in the underlying Zope software
itself.  I *think* it also affected only those who build and install
Zope as root, although I can't tell for sure, since the tarballs have
been replaced.  At any rate, I *never* build, install, or run Zope as
root, and hence would never have noticed the problem, even if I were
doing the releases myself.

> Releasing software as a security fix that does not even start makes you 
> look like a moron, I am sorry to say.

Too harsh.  Certainly nobody likes having released a "brown bagger", but
mistakes do happen.

- --
Tres Seaver          +1 540-429-0999          [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"    http://palladion.com
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to