[Zope-Annce] Zope 2.8.9, Zope 2.9.7, Zope 2.10.3 released
tseaver at palladion.com
Mon Mar 26 16:49:30 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Marc Balmer wrote:
> Andreas Jung wrote:
>> I uploaded corrected versions of the Zope 2.9.7 and 2.10.3 tar-balls.
>> The tar-balls released yesterday contained a bug that caused
>> a startup failure when using "zopectl start".
> don't do this again.
Don't do what? I was about to agree, as I don't think re-releasing
under the same version number was correct: the new releases should be
188.8.131.52, 184.108.40.206, or something similary (or bump to 2.9.8, 2.10.4).
> this bug is so obvious to catch that I have some serious doubts about
> your software testing process. are you releasing totally untested code?
> can we trust your releases in the future, will you change sth in your
The testing that gets done is not done from "released" tarballs, but
from subversion checkouts. This was a bug in the process that created
the tarball from a checkout, and not in the underlying Zope software
itself. I *think* it also affected only those who build and install
Zope as root, although I can't tell for sure, since the tarballs have
been replaced. At any rate, I *never* build, install, or run Zope as
root, and hence would never have noticed the problem, even if I were
doing the releases myself.
> Releasing software as a security fix that does not even start makes you
> look like a moron, I am sorry to say.
Too harsh. Certainly nobody likes having released a "brown bagger", but
mistakes do happen.
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v220.127.116.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Zope-Announce