On Mon, 2010-06-21 at 18:47 -0500, C Anthony Risinger wrote:
> On Jun 21, 2010, at 6:37 PM, Andres P <aepd87@xxxxxxxxx> wrote:
>
> > 2010/6/21 Ng Oon-Ee <ngoonee@xxxxxxxxx>:
> >> bugs with upstream, which may not be the case with 5-10 security-patches
> >> from git/svn).
> >
> > This is just a pessimistic outlook. Having patches means that you're actually
> > contributing upstream instead of leeching the latest ver every 3 weeks.
> >
> > People need to stop with the notion that patching is bad. As long as you submit
> > upstream, it's anything but a detriment. Upstream *wants* you to fix their
> > crap.
> >
> > Andres P
>
> He said from git/svn... ie backporting, not contributing.
>
> C Anthony

Thanks Anthony. I guess my statement IS unclear.

@Andres I agree that contributing patches upstream is ideal, but (pessimistic outlook again) I doubt the size of the security team will be enough to allow them to write and test significant patches, which leads to the assumption that their main job would be to identify holes and grab patches from upstream (or Fedora/Debian/whatever) to fix those holes while waiting for upstream to go through whatever verification process they need. Those patches would come from a patchwork of places (upstream's git/svn, Fedora/Debian patch, etc.), and make it a bit harder to keep things stable.