On Tue, Mar 14, 2006 at 04:16:02PM -0600, Gerald Combs wrote:
> The next big step in improving Ethereal's security is to branch off a
> stable release.
Not yet. We should really wait until privsep is complete, so the next
release should really be 0.10.15.
> A side effect of this high rate of change is the introduction of bugs
> (some of them security-related). While a release might fix several
> vulnerabilities, it will typically introduce several more.
Sure, but that's OK ;) We spend lots of time on both new features and
bugfixing, and they cannot be seen differently in many cases (see the
tcp analysis code rewrite, which eventually fixed more bugs than it
introduced).
> Once the Coverity defect count goes to zero I plan on creating a stable
> branch, which shall only receive bug fixes. I'd like to call it "0.99"
No, see above.
> Why 0.99/1.0? Whether we like it or not, people have been treating
> Ethereal as if it's "1.0" and have been using it in production
> environments for a very long time. Calling it "alpha" or "beta" quality
> with version numbers like 0.10.8 defies reality.
I am in favour of going to 0.99.x after we have all the features that
are required for an eventual 1.0 release, but I'm against creating a
branch at that time. I'd like to see an established policy of bugfixes
only for ~ 1 month, and if nothing comes up, we could release an
official 1.0 beta and ask everyone to do heavy testing. After 2-4 weeks
we could then release another beta or 1.0 final. After that, we would
start to apply the backlog of feature patches and go on as usual.
Reason: I don't want to see development efforts split between "stable"
and "head". It will also motivate developers to actively search and fix
bugs.
Whether the 1.0 branch can be maintained after head has resumed adding
features remains to be seen - that's a manpower/motivation thing...
> I'm not sure what to call any unstable releases that come from the trunk
> _after_ the 0.99 branch, however.
Intel started an interesting numbering scheme with their ipw drivers:
a.b.c, where c = 0 for "stable" releases. Maybe we could do something
similar but more for b = 0, so if we find out that we really are able to
make bugfixes to older releases, we can increase c.
Ciao
Joerg
--
Joerg Mayer <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.