It has been brought to our attention that the
decision to increment the so version as part of the 2.2.1 release
may be problematic:
It would be great to get any additional community commentary on
this. The .so version was bumped up mainly as an (admittedly
conservative) precautionary measure, since it had been a long time
since the previous release. Given that these are security
vulnerability fixes, it's understandable that there might be in
some cases a desire to be able to drop in replacement builds of
OpenEXR without recompiling the host application.
Two options we can take are:
- a)- patch the currently tagged 2.2.1 to no longer
include an .so version change. This could be controversial unless
we get feedback that no one has adopted 2.2.1 in any significant
way yet (to avoid confusion around "what version of 2.2.1 did you
use?")
- b)- release a 2.2.2 version which is identical to
2.2.1, except with the older so version. This is somewhat
inelegant, but likely cleaner than option a).
Does the community have any strong positions on this
either way?
Francois.