I kind of see both sides of the problem. I do agree more with Todd, but I wonder if Red Hat has faced this before. Did they release a vuln that affects RHL 9 and then mention it doesn't affect 7.x and 8.0? I think this is a tweener problem, and we don't really need to come up with anything. If we see it happening a lot or people are confused, then let's act. People can read the mailing lists if curious.

--
Christian Pearce
http://www.commnav.com

Todd said:
> Jesse Keating wrote:
> > We should write an advisory that this vuln does not affect the
> > releases we support. Thoughts on format?
>
> Doesn't the KDE advisory make that clear enough? Seems like there is
> already more than enough work just to keep up with the known updates.
> If there are folks insisting that the vulnerability affects KDE < 3.1
> then let them do some work to show that and then it might be worth
> looking at.
>
> Putting out advisories that something *isn't* vulnerable seems useless
> at best and confusing at worst. To me anyway. It might be different
> if 8.0 had a vulnerable version and 7.x didn't. Then noting that the
> vuln didn't affect 7.x might be good to do in the advisory for the
> updated 8.0 packages. This case could happen with KDE packages after
> 9 goes EOL in April.
>
> --
> Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
> ======================================================================
> Hell hath no fury like a bureaucrat scorned.
> -- Dr. Milton Friedman