On Wed, Jul 20 2022 at 09:00:28 PM +0200, Kevin Kofler via devel
<devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
(The fact that
these fixes are not included in the betas, but only dropped into the
stable
release, also makes the beta testing quite pointless and compromises
the
stability of the stable releases.)
A little feedback on why this happens. Every time you commit to a web
browser engine, nation states scrutinize the commit looking for
vulnerabilities that can be abused to hack users: both new
vulnerabilities introduced in the commit, and also any vulnerabilities
fixed in the commit. So it's unfortunately become important to minimize
the amount of time between when the fix hits open source vs. when it
reaches users. We've been struggling with this problem over in WebKit
because we've historically been too transparent with security-relevant
commits.
Michael
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
