Re: The new Update Acceptance Criteria are broken

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Nov 01, 2010 at 10:09:17AM -0700, Adam Williamson wrote:

> I disagree. The evidence you cite does not support this conclusion. We
> implemented the policies for three releases. There are significant
> problems with one release. This does not justify the conclusion that the
> policies should be entirely repealed.

It was brought to my attention that also current Fedora releases have
problems with delaying important security updates. A fix for a remote
code execution vulnerability in proftpd was only pushed to stable with a
seven day delay:
https://admin.fedoraproject.org/updates/proftpd-1.3.3c-1.fc13
https://admin.fedoraproject.org/updates/proftpd-1.3.3c-1.fc14

And it is not a theoretical threat, I know that servers in the nearby
area have been exploited because of this vulnerability. Delaying such
updates seems to be a very bad idea. Even in the unlikely case that the
update was broken and made proftpd not start anymore, this is usually
not as bad as having the system corrupted by an evil attacker.

Regards
Till

Attachment: pgpSPIqop6M4N.pgp
Description: PGP signature

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux