Josh Bressers (bressers@xxxxxxxxxx) said: > There are other distributions that have used this policy in the past. The > result ends up being if the fix is bigger than a breadbox, it just never > gets fixed. The deciding factor should be which one is less invasive, and > that decision should be up to the packagers and the security response team. > There are times it's easier to apply a patch, there are times that one must > upgrade. A good example would be any sufficiently large and complex code base... the mozilla stack would apply here - in many cases, backporting would be an onerous task compared to simply upgrading to the new version with the security fix. Bill -- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
