On Thu, 10 Jul 2008 22:35:18 +0200 Ramiro Gómez <web@ramiro.org> wrote:
In this particular case many people will be happy about the release, because the latest release candidates of views 2 and cck 2 do not work with Drupal 6.2. But I don't think it makes any sense to have a schedule for bug fix releases. This would somehow implicate that you know in advance when critical bugs get detected.
http://en.wikipedia.org/wiki/Patch_Tuesday#Exploit_Wednesday The "Exploit Wednesday" theory is questionable. If it is true that good sysadmin (shops with more resources) will patch ASAP, it is equally true that good cracker will exploit a vulnerability ASAP. On the other side shop with less resources will find easier to know when a patch will be available (preferably not on Saturday night[1]) On the down side a weakness may stay on the wild longer if you wait the scheduled release of patches. I think avoiding to release patches at Saturday or during important holidays, but still ASAP, should be enough to make every respectable shop happy. After all even if some people may deserve it, no one will really enjoy an army of p0wned Drupal sites... or even if they were not Drupal... an army of cracked sites is not going to make any good to anyone, unless you enjoy spam. [1] somewhere in the world will always be night, but at least you could avoid Saturday. -- Ivan Sergio Borgonovo http://www.webthatworks.it