[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NOTICE: Intent to T&R 2.4.36

On Wed, Oct 10, 2018, 14:28 Jim Jagielski <jim@xxxxxxxxxxx> wrote:

On Oct 10, 2018, at 3:01 PM, William A Rowe Jr <wrowe@xxxxxxxxxxxxx> wrote:

On Wed, Oct 10, 2018 at 1:45 PM Jim Jagielski <jim@xxxxxxxxxxx> wrote:
I thought the whole intent for a quick 2.4.36 was for TLSv1.3 support.

If that's not ready for prime time, then why a release??

AIUI, it isn't that httpd isn't ready for release, or even httpd-test framework.
Until all the upstream CPAN modules behave reasonably with openssl 1.1.1
we will continue to see odd test results.

The question is How Comfortable Are We That TLSv1.3 Support Is Production Ready?

This release seems very, very rushed to me. It seems strange that for someone who balks against releasing s/w that hasn't been sufficiently tested, or could cause regressions, and that the sole reason for this particular release is TLSv1.3 support which seems insufficiently tested, you are uncharacteristic cool with all this.

You elided the other half of my answer, you might want to read the entire comment.

If we can exercise the same discipline with 2.4.37 that we showed with 2.4.35, then instead of producing a string of releases with a string of regressions, we still come out ahead for all users.