Quoting Stephen John Smoogen <smooge@xxxxxxxxx>:
On 5/15/06, Eric Rostetter <rostetter@xxxxxxxxxxxxxxx> wrote:
Quoting Stephen John Smoogen <smooge@xxxxxxxxx>:
Third, how expert are you (the patcher) on what the vulnerability is,
what the code is, and how you are 'stopping' the vulnerability from
being there.
I'm not sure that should come into play per se.
Does this explain it better?
If you are not familiar with the code base and having to figure out a
backpatch by hand (e.g. there is no available one for that release,
etc), then how sure are you that you have fixed the security problem
without opening another security problem?
If you are upgrading the package to a vastly different version, how
sure are you that you didn't open another security problem, or break
something?
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin
Go Longhorns!
--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
