On Wed, 2010-09-22 at 10:04 -0500, Bruno Wolff III wrote:
> On Wed, Sep 22, 2010 at 17:01:02 +0200,
> Tomas Mraz <tmraz@xxxxxxxxxx> wrote:
> > I say that the example of Webkit should be removed because if it is not
> > possible to backport the security patch and due to the version update
> > Midori has to be updated to a new version regardless of the changes of
> > user experience. The part of the example "judgement call based on how
> > intrusive the changes are" does not make any sense. We just cannot keep
> > the old insecure version regardless on how intrusive the changes are.
>
> Security isn't binary. It may be that a security update addresses an issue
> that can not happen in normal cases. It might be reasonable to just document
> the cases where there is a problem so as to warn people not to do that.
Of course, the issue might be very minor, but in that case it is not a
"judgement call based on how intrusive thec changes are" but "judgement
call on whether the pros and cons of doing the update are significantly
in favor of pros"
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
