Re: FESCo wants to ban direct stable pushes in Bodhi (urgent call for feedback)

Adam Williamson wrote:
> you can try and cherry-pick security updates, but then you get the
> problem where initial release has Foobar 1.0, then Foobar 3.5 gets
> shipped in updates, then a security problem emerges and Foobar 3.5-2
> with the security fix gets shipped in updates. You now have a choice of
> unsecure Foobar 1.0, or completely new version Foobar 3.6.

There's also the other variant where a security problem is found in Foobar 1.0 
but the problem isn't present in Foobar 3.0 and later. Upstream still supports 
the 1.0 branch and releases Foobar 1.0.4 to fix the problem, but no security 
update is released for Fedora since there is no problem in the latest Fedora 
package. The Fedora user who chose not to upgrade Foobar won't even know that 
there is a security problem.

Björn Persson

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
