The unfixed Perl security process?

Posted Mar 1, 2012 15:19 UTC (Thu) by louie (guest, #3285)
Parent article: The unstoppable Perl release train?

Seems like that is the right title for this post. I'm a big fan of unstoppable release trains, but it presupposes that the rest of your release process is not screwed up. In particular, it assumes that critical bugs are identified early in the process and released. Sounds like that is badly broken here.

The unfixed Perl security process?

Posted Mar 2, 2012 6:15 UTC (Fri) by speedster1 (guest, #8143) [Link] (1 responses)

> In particular, it assumes that critical bugs are identified early in the
> process and released. Sounds like that is badly broken here.

That sounds ideal, but what sort of release process could reliably accomplish that goal with respect to security bugs? Tell people to have their security-related discussions during the first half of a new release, analogous to the kernel merge window?

The unfixed Perl security process?

Posted Mar 6, 2012 16:57 UTC (Tue) by man_ls (guest, #15091) [Link]

I am assuming give a high priority to fixing critical issues before adding new features. Apparently this particular problem has been known for a long time but has gone unfixed.