[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Phpgroupware-developers] CVS branches tags policy ... risks for end
From: |
Olivier Berger |
Subject: |
Re: [Phpgroupware-developers] CVS branches tags policy ... risks for end users applying patches with cvs update ? |
Date: |
Tue, 16 Mar 2004 16:17:18 +0100 |
Hi.
OK, thanks for these details.
Actually, it's my mistake : I didn't understand that the branch was
already there long before the release tag had been set.
So it's much clearer for me now... and I tend to be much more confident
in the update I'll do on my copy.
Thanks for taking the time to answer. Sorry for disturbance.
Best regards,
Le mar 16/03/2004 à 15:32, Chris Weiss a écrit :
> I don't know the policy for the release tag, I think it's only purpose if to
> provide a "point in time" checkout for the files in the tarball. Nothing ever
> get commited back to this.
>
> All development, including interim security patches, are done on the branch.
> Everything in the tarball has the branch tag and nothing has the release tag
> since it's taged afterwards.
>
> HEAD is anyones game, it's not for production use and is often broken except
> for when we're really close to make a RC and giving the code a new branch tag.
>
> On a stock tarball, it's always perfectly safe to run a cvs update -dPC on it.
>
> Olivier Berger (address@hidden) wrote:
> >
> > Hi.
> >
> > <disclaimer>I'm a user and not a developper, so pardon me if I mess with
> > other people's business.</disclaimer>
> >
> > I'm considering the process suggested for users to apply "security" or
> > other fixes patches in phpgroupware (namely using cvs updates in the
> > contents of the initial tarball)...
> >
>
> >
> > I'm wondering if there is a specific policy you apply for CVS tags
> > relating to the branches on released versions, and would like to be sure
> > that there's no issue with applying the "security" updates suggested by
> > the phpGroupware docs.
> >
> >
> > If I get the picture right, the updates concerning the 0.9.16-001
> > version are available using the Version-0_9_16-branch checkout tag.
> >
> > But if I look at the sources, I'm surprised to see that only a few
> > elements are tagged with this branch tag...
> >
> > So I assume that the policy in the project is to tag only when the HEAD
> > commits won't apply safely to "patches" on the released version any
> > longer, and assume, then, that every commits on the HEAD will be
> > properly applied to the user's installed versions when they do a cvs
> > update under their untar'd copy.
> >
> >
> > It seems quite optimistic to me, unless every phpgw developper
> > understand this very clearly, and I wonder if a more conservative
> > approach wouldn't be more secure for the users, that is to tag every
> > elements both with the release tag (Version-0_9_16-000) and the
> > corresponding branch tag (Version-0_9_16-branch), and potentially move
> > the branch tag on the HEAD branch at some time if HEAD modification
> > apply safely.
> >
> >
> > I hope I made my point clear enough, and am looking forward to hearing
> > from you.
> >
> > Best regards.
> >
> >
> >
> > _______________________________________________
> > Phpgroupware-developers mailing list
> > address@hidden
> > http://mail.gnu.org/mailman/listinfo/phpgroupware-developers
> >
>
>
>
> _______________________________________________
> Phpgroupware-developers mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/phpgroupware-developers
--
Olivier BERGER <address@hidden>
Ingénieur Recherche - Dept INF
INT Evry (http://www.int-evry.fr)
OpenPGP-Id: 1024D/6B829EEC