[flac-dev] New release
Brian Willoughby
brianw at audiobanshee.com
Mon Nov 24 10:22:12 PST 2014
I agree with Miroslav. It is a good practice to make a security release on a "branch" of the stable, shipped code, so that people can obtain the security fix with minimal risk to other changes. Even if the new code passes all tests fairly soon, it wouldn't hurt to have a couple of releases - one purely for security, the next with new changes in other areas.
Brian Willoughby
On Nov 24, 2014, at 12:47 AM, Miroslav Lichvar <mlichvar at redhat.com> wrote:
On Sun, Nov 23, 2014 at 02:44:00AM -0800, Erik de Castro Lopo wrote:
> lvqcl wrote:
>
>> I have a couple of questions:
>>
>> 1) Do you plan to release 1.3.1 pre1, pre2 etc or just 1.3.1 w/o any pre-releases?
>
> I had not planned to do a pre-release.
FWIW, considering how much code has changed since 1.3.0, I'd rather
see the security bug fixed in a new 1.3.0 release, maybe with some
other serious bugs like the metaflac memory corruction, and have a
prerelease for 1.3.1 to test it thoroughly.
I know the new release is almost ready, but if some serious bug is
found in 1.3.1, a new release will have to be made anyway to not force
the users to the vulnerable version.
--
Miroslav Lichvar
More information about the flac-dev
mailing list