Alan Cox wrote:
On Mon, Dec 22, 2008 at 06:17:10PM +0100, Kevin Kofler wrote:
And I think pushing out security updates, even if they're completely
untested, would still be better than no updates at all.
No because you create the illusion of security which is more dangerous than
knowing a system is insecure - in the latter case people at least take
appropriate precautions.
If you've tested the security side then yes it probably is better than no
updates at all.
Can you really make an argument that ignoring a real, known
vulnerability is always better than an attempt at a fix - especially in
fedora where the pre-EOL updates don't get much testing either?
Personally, I think the correct approach is to replace such things with
a rebuilt RHEL version where the fix will actually have some QA before
dropping into users' laps, but...
--
Les Mikesell
lesmikesell@xxxxxxxxx
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
