critical path security update policy


 



I'm concerned about how long it takes security updates to make it to users under Fedora's current policies (which generally allow such updates the possibility of sitting in testing for 14 days, or even longer).
 
Just one example is the Firefox 37.0.1 update for Fedora 20:
https://admin.fedoraproject.org/updates/FEDORA-2015-5723/firefox-37.0.1-1.fc20
 
The currently available version of Firefox in Fedora 20 has a critical vulnerability which allows a man-in-the-middle attacker to impersonate any HTTPS website. In this context, shouldn't security concerns win out over the worry that there might be some regression? We already know there's a serious problem in the current package, so why do we have to wait 14 days just because there might be some problem in the new package?
 
Shouldn't this policy be revised?
 
Jerry
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
