On Sat, Nov 13, 2010 at 02:22:42PM +0000, Matthew Garrett wrote:
> On Sat, Nov 13, 2010 at 10:21:30AM +0100, Till Maas wrote:
>
> > The documented issues do not seem to be as bad as a system being
> > exploited. It is only about dependency breakage or services not working
> > anymore. There is no major data corruption requiring access to backups
> > and restoring the whole system. But this is what people using Fedora
> > with proftpd and being exploited have to do.
>
> If security updates break functionality then people will stop applying
> security updates.

If there are no security updates, people can not apply them. So what is worse? If people stop applying updates, then it is at least their decision. If there are no updates, people can only choose not to use Fedora. E.g. either build the applications themselves or use another distribution. But this is not a viable goal.

The optimal case is to provide well tested security updates fast, but this is not what Fedora achieves. In my example there is no indication that the update was especially tested, because it did not get any karma. And it was not provided fast.

Regards
Till