Re: Security release criterion proposal

On Wed, 2011-05-18 at 10:44 -0700, Adam Williamson wrote:
> On Wed, 2011-05-18 at 13:37 -0400, Adam Jackson wrote:
> > On 5/18/11 1:22 PM, Kevin Kofler wrote:
> > > Adam Williamson wrote:
> > >> # There must be no known remote code execution vulnerability which could
> > >> be exploited during installation or during use of a live image shipped
> > >> with the release
> > >
> > > This is just completely and utterly moot considering that there are going to
> > > be many more unknown vulnerabilities than known ones, and that several of
> > > those are inevitably going to come up during the 6-month lifetime of a
> > > release.
> > 
> > The difference between a known and an unknown security bug is that, if 
> > _you_ know about it, it's virtually certain that someone malicious 
> > already does too.
> > 
> > We can't avoid unknown risk exposure.  You're arguing for ignoring known 
> > risk exposure entirely.  Seems a touch irresponsible.
> > 
> > Also: twelve months.
> 
> Well, I think his point is that it's almost certain that some 'unknown'
> exposures will become 'known' during the life cycle of a release, at
> which point the live images we release three months previously are
> vulnerable to a known security exploit and there's exactly nothing we
> can do about it - so worrying about the ones we _can_ fix at release
> time becomes less important, when viewed from that perspective. It's a
> good point.

Is it unthinkable to respin the images with those fixes?
Usually the patches are quite simple to backport, and we are talking
about a limited set of bugs (remote root exploit on install) after all.

Simo.


-- 
Simo Sorce * Red Hat, Inc * New York


-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel

