On Tue, 3 Apr 2001, Punky Tse wrote:
>
> And I think it is also good to state in the mail-announcement and in the
> jakarta website that the b2 have such security vulnerability when b3 is
> rolled out.
>
It will. The beta-2 release is also going to get pulled so that no one
will download it accidentally.
> Punky
>
Craig
>
> ----- Original Message -----
> From: "Craig R. McClanahan" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, April 03, 2001 7:38 AM
> Subject: Re: Tomcat 4.0-beta-2 Security Vulnerability
>
>
> >
> >
> > On Mon, 2 Apr 2001, Mel Martinez wrote:
> >
> > >
> > > --- "Craig R. McClanahan" <[EMAIL PROTECTED]> wrote:
> > > >
> > > > I suggest that we create a revised version of beta
> > > > 2, clearly labelled so
> > > > that people will know whether they have the
> > > > corrected version or not --
> > > > and we should do this immediately (like today) to
> > > > minimize the number of
> > > > people who end up downloading twice.
> > > >
> > > > I suggest we call the updated version "Tomcat
> > > > 4.0-beta-2-update-1" or
> > > > something like that.
> > > >
> > > > Comments? Votes?
> > > >
> > >
> > > I vote you just call it "Tomcat-4.0-beta-3". I don't
> > > recall ever being told there were limits to the number
> > > of betas one can produce. :-) I believe that a new
> > > beta number is justified by any significant bug fix or
> > > fixes and a security hole is definitely significant,
> > > even if the code change may be tiny.
> > >
> > > By labeling it 'beta-3' it is CLEARLY the latest build
> > > and CLEARLY newer than beta-2.
> > >
> >
> > Makes sense to me. "Beta 3" it is.
> >
> > > fwiw,
> > >
> > > Dr. Mel Martinez
> > > G1440, Inc.
> > >
> >
> > Craig
>
>
