bradymiller wrote on Tuesday, April 02, 2013:
Hi,
Yes, that can be done. Note that the developers demo (including the 4.1.1 one) actually builds these packages daily as part of their scripts (this is where the daily zip/tar developer package on the download page come from).
Couple things to think about though:
1. We currently have several very easy to install packages (XAMPP,ubuntu,appliance) which make it very easy for potential users to install/trial the software (Note that the xampp package is the most downloaded package; even more than the zip package). By offering official releases with each patch, we won’t be able to support the xampp/ubuntu/appliance releases for each patch. And this experiment has already been tried; for example, in one of the past releases, a xampp package wasn’t released and we ended up spending lots of time telling people how to download the previous xampp version and then upgrade it. So, essentially, most new users will still download the xampp 4.1.1 version without the patch and need to upgrade it to the new patch anyways.
2. We currently have excellent installation documentation (on the open-emr.org site at least) that tells people how to install the package(and where to download it), and direct them to the patch and security pages. With each version release these instructions can change, and it could even change mid-patch (ie. this means more resources).
3. A patch generally takes several hours to release depending on the complexity and testing needed. By making it a release will place more burden on the patcher (ie. myself); for example, if documentation will be effected somewhere etc…
4. My view of a release is sort of similar to publishing an article/book. There are many pieces involved that take a lot of resources to accomplish (things like testing demo, zip/tar/ubuntu/appliance/xampp packages and the documentation). This release then provides a solid foundation for new users to install and try the product. If a new user can’t install it on the first attempt, then you will generally lose that new user. You will not lose that new user if they install, like it, but then after they’ve already been hooked, they found out there are “out of the box” security issues and they need to install a patch to fix a security issue.
Related to this topic, here is some very easy low hanging fruit to address the security issue:
1. Place a link to the patch page on the last openemr installation step screen.
2. Remove all unmaintained content regarding installation instructions, patches, downloads, security from the oemr.org wiki.
-brady
OpenEMR