|
From: | Paul Eggert |
Subject: | Re: [ANNOUNCE] Emacs 25.3 released |
Date: | Wed, 13 Sep 2017 00:07:00 -0700 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 |
Andreas Schwab wrote:
It's all about trust. And especially in the context of security, trust is the most important thing.
You're right. Security-minded users need to be suspicious when new software releases are made out of the blue. Having an emergency release tagged and publicly visible in the repository can help allay these natural suspicions.
We don't have much practice making emergency Emacs releases because we don't often make them (which is a good thing!). That being said, the next time it happens we should try to have a smoother rollout, and having a properly tagged commit should be part of that. This will help avoid this particular confusion next time.
Another thing I'd like is a faster rollout. We were publicly notified of the bug on September 4 and did not announce a new release containing a small fix until over a week later. Although there were reasons for the delay, it would be better to get announcements and fixes out faster. I've had multiple offers from others to help, and would like to take up at least one of these offers. Of course trust is an important concern here as well.
[Prev in Thread] | Current Thread | [Next in Thread] |