Subject Re: Confused about Firebird releases
Author Adam
--- In firebird-support@yahoogroups.com, Carsten Schäfer
<ca_schaefer@...> wrote:
>
> Ann W. Harrison wrote:
> > Carsten Schäfer wrote:
> >
> >
> >> I don't understand this, too.
> >>
> >>
> > The problem is not just stability - it's also security. Once
> > a security bug is fixed and published, it becomes a significant
> > risk for all users - including users of older versions if the
> > bug was present in those versions. Similarly, a known and
> > published crashing bug becomes a risk of denial of service for
> > older versions.
> >
> I understand this.
> But if the time for a security update takes 8+ months I don't think this
> is a major problem.

What are you talking about 8 months for? It may be 8 months before an
issue serious enough to require a new point release is found, but
there is nothing magical about such a number.

If a serious flaw is discovered, it will be patched on all supported
versions as soon as practical providing the patch can be feasibly
implemented.

> In 8 months every developer could have upgraded his application to
> the newest stable Firebird version.

Nonsense. It can take several months and a large expense to just
certify an application on a new major version of DBMS. Even without a
certification process, it can require weeks of testing to trace and
then iron out issues caused by a major upgrade. Some development
houses even have other work to do in that 8 month window.

It took us 12 months to trace, remove or rewrite code that the 2.x or
2.1 engine finds ambiguous, or chooses a plan less optimal than the
1.5 series. Granted this was not a goal we gave special focus to, but
it is only last month we could actually claim full support for 2.1.x.

We were able to move through the point releases of 1.5 with targeted
testing within a week of release and with no code changes from our
side. It takes a lot more effort to migrate to a new major version,
arrange for acceptance tests and then perform upgrades for hundreds of
customers.

I doubt that releasing security fixes for old versions significantly
delays new versions of Firebird. I imagine it would be the same
changes made in different branches.

Adam