> Personally, when I see "1.2.0pre10-4", I think, "This is not the same as the
> original/base 1.2.0pre10." Depending on how the numbering is implemented, it
> has been updated 3 or 4 times since the original 1.2.0pre10. So I would not
> expect it to have the same bugs.

So did you fix the root hack in pre10, the DOS in rc1, or the typo in the install script? Oh yeah, I gotta read the changelog to find out, wheep.

Making major changes to software (plugging root hacks counts I think....) and not modifying the software revision (ok, the Debian package number is revised, but that means nothing unless you read the changelog) is just a bad idea. Also when the main change in a software package is bug fixes and not feature additions I think it might be sane to update the package. As for Apache, 1.3.12 has been out 6+ months, freezing software and using a version much older doesn't make much sense to me (and let's face it, some software packages, like Apache, do an extremely good QA job and generally don't ship broken stuff, OTOH big billy bob's irc client version .34 is another story).

> > As for the "code freeze", well the code is NOT frozen if Debian is
> > backporting changes into it, Apache 1.3.9 as shipped by Debian for example
> > is more like a 1.3.9 sort of 10/11/12 but not really. While the argument "we
> > are not adding new features" can be used, the fact of the matter is that
> > Debian is making (in some cases significant) changes to code that changes
> > behaviour (like fixing root hacks, cross site scripting vulnerability,
> > whatever).
>
> Would you be more comfortable if it were called a "feature freeze"?

Yup. And for god's sake, document it somewhere that you need to read the changelogs. I've actually gotten several emails from smart Linux people (i.e. people that also write/manage online Linux related publications) going "hey, that's news to me too". I am not going to sit down and read /usr/doc/* just on a whim, neither are most users or even people trying to do a review (i.e. I wouldn't mind seeing you guys writing a review of say TurboLinux =).

> Dave

-Kurt