[Zope-Coders] Re: [Zope-Checkins] CVS: Zope/lib/python/ZPublisher - Converters.py:1.14.8.2

[R. David Murray]

On Mon, 16 Sep 2002, Chris Withers wrote:
> Even if I was, many 'customers' are only happy with official releases and may
> even baulk at security hotfixes being applied.

I can understand customers baulking at running "patched" code just
because the consultant tells them "it's safe and it adds a nice
new feature".  However, you should *not* accept the customer
baulking at applying security patches.  Customers need to be educated
about the critical importance of staying up-to-date with security.

I'd also argue that one of the *strengths* of the open source world
is that in actuality it *is* reasonable for the consultant to say
"this patch fixes the bug that is causing us problems" or even "adds
a feature we really need".  So again, user education is needed, I
think.

The "security patch" user education issue is circumvented by the
proposed policy change to only put security fixes into x.x.n releases.
Customers who can't stand patches might just have to bite the bullet
of doing an x.n upgrade to get their fixes.  Of course, that means
x.n releases should happen more often.  I think that's a goal,
though; I think the delay in 2.6 and 2.7 is part of the learning
process as more responsability is transfered to the community. (But
maybe not enough has been: as ChrisW pointed out obliquely, if
we had the ability to cut a beta the 2.6 beta would have been out
a while ago, I think.)

--RDM