On 2/2/07, Phil Meyer <pmeyer@xxxxxxxxxxxxxxxx> wrote:
Fedora moves too fast to maintain a securities issues list. :)
Subscribe to the fedora-package-announce list and filter on: "[SECURITY] Fedora Core 6 Update" http://lwn.net/Alerts/Fedora/
Basically, a FC4 system that has been updated a time or two a year ago is probably ahead of the vast majority of Linux systems security patches. Any FC5 system is way ahead, and FC6 is not even looked at by the security testers (generally -- not implying anything here) except by the RedHat kernel guys who have to back port known exploits, performance, and custom patches into 'all' kernels.
I'm not exactly clear as to what you are saying. FC4 has had discontinued support for several months(?).
When you talk about patching for security in Fedora Core, it is usually at the application level (php or some such). Those get wide publication so you will probably know about them.
If an application is packaged and included in Fedora Core, then it is Fedora's responsibility to provide an update if and when necessary.
I am not suggesting that anyone relax about security, just putting it into perspective.
With all due respect, I really don't understand your perspective or on what information you based your conclusions. -Mauriat
