On Tue, Apr 12, 2005 at 05:14:26PM +0300, Pekka Savola wrote:So.. Why do we want these bugs? If Fedora didn't fix them while they had the responsibility, they surely shouldn't be shorned in our direction either ?
Um, because some of them are security bugs that they never got around to fixing. That's kind of annoying (Fedora security process definitely seems to be disturbingly low priority -- see the perl-suid buffer overflow trivial root exploit, for example) but I don't really care whose responsibility it ought to be, since there are people who are depending on us to make available patches to secure their systems.
If Fedora didn't bother fixing security problems while they had the responsibility, I don't see why we should feel responsible either.
Sure .. if we're producing an update in any case for RHL or FC1, we could add FC2, but if the problem is specific to FC2, IMHO it would be fine to just ignore the security bug.
-- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
