[Mailman-Users] Mailman 2.1.10rc1 has been released
yahoo at jimpop.com
Wed Apr 16 03:08:26 CEST 2008
On Tue, Apr 15, 2008 at 8:49 PM, Dragon <dragon at crimson-dragon.com> wrote:
> I'm going to be harshly critical as well. Did you even read the release
> notes in the announcement?
Yes, I did.
> You are completely off base here. While Mark did not explicitly say so in
> his reply, the fixes for the security problems noted are in the release.
You seem to think that all sites will magically dig the fix out of a
RC release to apply to 2.1.9 or less install.
> If you had read the notes, you would see that. I suggest you go back and
> read the original announcement in full.
You are assuming, incorrectly, that I never read it.
> I'm currently using the 2.1.10b4 release and it has been quite stable
> since I went to it. I have no qualms about moving to the 2.1.10rc1 release
> and will do so as soon as I can manage the time to do it.
> My experience has been that by the time a release candidate is announced
> by this project, it is usually quite close to the final version and the
> only changes that are made in a stable release are often just translation
That is *your* experience, but that may only be unique to *you*.
Quit thinking that *your* scenario works in everyone else's model.
Through out this whole 2.1.10 RC process, Mark has implied over and
over that the RC (release CANDIDATE) was recommended for immediate
replacement of all previous versions of Mailman. I questioned that a
month ago, and was told that the release CANDIDATE contained security
fixes not available to prior versions. Everyone now knows what those
vulnerabilities are, but there is no *fix* for prior versions, nor is
there a *stable* (i.e. non-release CANDIDATE) available with the
fixes. Sure the release CANDIDATE might work in some situations, but
what about those environments where only final releases, or
non-development code, are permitted by policy?
More information about the Mailman-Users