[tinysofa-devel] tinysofa, release candidates and security fixes (apache-2.0.51?)

Omar Kilani omar at tinysofa.org
Sun Sep 19 19:00:33 UTC 2004 

Rönnblom Janåke /Teknous wrote, On 18/09/2004 10:47 AM:

> Hello everybody.
> 
> http://www.apache.org/dist/httpd/Announcement2.html
> 
> Has the apache-2.0.50-3ts that is shipped with server-2.0 these
> fixes?

apache-2.0.50-4ts in updates contains these fixes:

Patch100: 
http://www.apache.org/dist/httpd/patches/apply_to_2.0.50/CAN-2004-0747.patch
Patch101: 
http://www.apache.org/dist/httpd/patches/apply_to_2.0.50/CAN-2004-0748.patch
Patch102: 
http://www.apache.org/dist/httpd/patches/apply_to_2.0.50/CAN-2004-0751.patch
Patch103: 
http://www.apache.org/dist/httpd/patches/apply_to_2.0.50/CAN-2004-0786.patch
Patch104: 
http://www.apache.org/dist/httpd/patches/apply_to_2.0.50/CAN-2004-0809.patch

> squid-2.5.STABLE6 is the latest from squid-cache.org

Yes, but version numbers don't necessarily mean anything in a 
distribution. The squid package is up to date and has many additional 
patches, but the version number will probably be bumped up for U1.

> Why is there release candidates and prereleases included with ts-2.0, for
> example:
> bind-9.2.4rc7-10ts
> vsftpd-2.0.2-0pre2.1ts

Because they're better quality than their predecessor "releases".

If you read the change log for vsftpd, you'll see that only bug fixes 
have gone into it since 2.0.1. So why not ship a bug fixed release?

Same applies for bind.

Version numbers in distributions are always deceptive, and it's up to 
the packager whether to keep the version number the same, and add 
patches, or bump the version number and update to latest upstream and 
drop some patches. The openssl package in TES2.0 is 0.9.7a. TCS1.1 is 
0.9.7c. The latest upstream version is 0.9.7d. Yet they're all on the 
same level in terms of features and security fixes.

Another reason is to show the intent of the packager, to say "I want to 
provide the bug fixes and features of *that* release, and although it's 
not a final release yet, it's stable and tested and working."

Of course, it's not an arbitrary decision, and change logs are looked 
through and what not to determine the impact of the decision.

> Is there any documentation that I overlooked or missed that explains this?

Nope.

Guess there is now. :)

> How many active developers of ts-2.0 are there?

One. :)

Omar

More information about the Tinysofa-devel mailing list