Hi Eli et al.,

just wanted to thank you for the background and say that as someone who works in the information security field, I support your decision and reasoning 100%.

With a severe security issue, it is much much better to release quickly and have a release which ONLY addresses the security issue. In addition to potentially introducing new issues once you release other changes, bundling more than the security fix can delay adoption as people will tend to be more conservative due to concerns new/changed functionality may impact existing workflows. Limiting the release to just the change necessary to fix the vulnerability reduces concerns and risk and helps to drive more rapid adoption.

Thanks to all for their effort.

Tim

On 15 September 2017 at 16:23, Eli Zaretskii wrote:

> > From: Glenn Morris
> > Date: Thu, 14 Sep 2017 16:30:46 -0400
> >
> > I've just noticed that the Emacs 25.3 release seems to be literally just
> > the 25.2 release plus the enriched changes. Specifically, it seems to be
> > based on 784602b. Why wasn't it based on b638993? There were very few
> > changes in the emacs-25 branch post 25.2, and I don't see why they were
> > omitted.
>
> The emacs-25 branch included a couple of non-trivial code changes post
> 25.2, which were not widely tested. In fact, I'm guessing that no one
> actually used the branch, once 25.2 was released, more than just start
> it up and maybe run the tests. In these conditions, making 25.3 from
> the branch tip would mean there would have to be a pretest or an RC,
> which would have delayed the release considerably. Doing that was
> inconsistent with the sense of urgency shared by everybody of the
> Emacs 25.3 release.
>
> I thought I wrote all that here, but I see now it was off-list, with
> John, Richard, and Paul. Sorry about that, but it became hard to
> track the addressees at that point among the storm of messages with
> similar Subjects.
>

--
regards,

Tim

--
Tim Cross