Re: [RFC] dropping support for ancient versions of curl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Apr 06, 2017 at 12:53:01AM +0000, brian m. carlson wrote:

> > It would be great to have them on-list, as far as I can tell they were
> > never submitted? Is there some time/administrative reason for why
> > you're not submitting them? Some of these are many years old, it would
> > be great to have them on-list for wider review & included so vanilla
> > git works on these platforms.
> 
> I'm very opposed to accepting patches for operating systems that are no
> longer security supported.  Having insecure systems directly or
> indirectly connected to the Internet is a very bad thing, and we
> shouldn't make it easier for people who want to do that.

Hmm. I'm not sure whether I agree with that or not. I certainly wouldn't
want to _encourage_ people to use ancient unpatched systems. But I'm
also not entirely comfortable passing judgements on people's OS choices.
Security isn't a discrete variable, and there are lots of situations
where it makes sense to stick with an old, unpatched system because the
risk of changing it outweighs the risk of it being attacked (think
mission-critical systems sitting behind firewalls).

That said, I don't mind the argument "even the people who made this OS
are no longer supporting it; why should we?". And the response from Todd
seems to reinforce that.

And it's not like people on ancient mission-critical systems get cut
off. They can still run the version of Git they were running when their
OS went out of support.

-Peff



[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]