Mike McCarty wrote:
I'd rather run with a known security vulnerability than an untested package. With a known security hole, I know some steps I can take externally to my box, and know what my vulnerability is. With an untested package, I know neither.
Mike, I would generally agree with that above statement, however most (99 percent?) of the FL fixes involved code that was written and tested elsewhere. All FL does is re-apply the same fix to the FL codebase. I for one am willing to accept a tested fix that is applied to a parallel codebase over running a known vulnerability. It's not an exact science but it also isn't running blind.
-Jim P. -- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
