Hi! > Yes, they should be made public. Not doing this is a process issue.
Rather absence of process issue - right now we pretty much have no process of handling security bugs. I'm trying to do what makes sense but sometimes things fall through the cracks - like forgetting to check all the bugs for privacy settings... > to HTML, see README.RELEASE_PROCESS for HTML requirements .. even > beter would be generating NEWS from commit messages ... but small > steps help already) NEWS from commits doesn't seem to be feasible, we tried that some time ago but commits are way too noisy and special syntax just makes people confused and they routinely forget to do it right. HTML from NEWS seems to be doable though - right now it's 90% automatic, make sense to get it to 100%. -- Stanislav Malyshev, Software Architect SugarCRM: http://www.sugarcrm.com/ (408)454-6900 ext. 227 -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
