-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marc Balmer wrote:
Andreas Jung wrote:
I uploaded corrected versions of the Zope 2.9.7 and 2.10.3 tar-balls. The tar-balls released yesterday contained a bug that caused a startup failure when using "zopectl start".
don't do this again.
Don't do what? I was about to agree, as I don't think re-releasing under the same version number was correct: the new releases should be 2.9.7.1, 2.10.3.1, or something similary (or bump to 2.9.8, 2.10.4).
this bug is so obvious to catch that I have some serious doubts about your software testing process. are you releasing totally untested code? can we trust your releases in the future, will you change sth in your process?
The testing that gets done is not done from "released" tarballs, but from subversion checkouts. This was a bug in the process that created the tarball from a checkout, and not in the underlying Zope software itself. I *think* it also affected only those who build and install Zope as root, although I can't tell for sure, since the tarballs have been replaced. At any rate, I *never* build, install, or run Zope as root, and hence would never have noticed the problem, even if I were doing the releases myself.
Releasing software as a security fix that does not even start makes you look like a moron, I am sorry to say.
Too harsh. Certainly nobody likes having released a "brown bagger", but mistakes do happen. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGCDHa+gerLs4ltQ4RAqHbAJ9UvloqzCCj9NrCaGSeYZDfZduaJwCdFH5l ydlyxzoHGP7aNnVjG1IJClU= =6vHA -----END PGP SIGNATURE-----