Daniele Nicolodi:
> On 10/03/2019 15:07, Wietse Venema wrote:
> > You are looking from the "we made improvements" angle. I am looking
> > from the "with hard work, we introduce 1 bug in 1000 lines of new
> > code" angle.
> >
> > In the TLS library there were 1039 additions and 559 deletions from
> > Postfix 3.3.3 to 3.4.1 (diff -bur --new-file for 'c' and 'h' files
> > only, excluding proxy-related code). That count does not distinguish
> > between low-impact changes that affect only nearby code, and
> > high-impact changes that affect multiple lines, such as global ifdefs.
> >
> > The changes among those 1600 lines that 'broke' intended functionality
> > are 'easy' to weed out - just wait for people to to report breakages.
> > Such a reactive approach might be acceptable in some projects.
> >
> > I am concerned about the changes among those 1600 lines that did
> > NOT break intended behavior, but that introduced some other problem.
> >
> > What is the basis for confidence that no such problems have been
> > introduced, if we obviously missed multiple things that could have
> > been found with simple tests?
>
> I have no say in the development of Postfix, however I believe another
> interesting question that should be asked is: what is going to make you
> more confident in the releasing those changes later this year with
> Postfix 3.5? Are there circumstances for which more testing and code
> auditing will happen if the code is not released?
Because we won't be changing 1600 lines in a critical library two
months before the release.
Wietse
