On Tue, 2009-10-06 at 00:37 +0200, Lennart Poettering wrote:
> If you are a user then you should use the PA version that is shipped
> with your distro. If you want a newer version, then upgrade your
> distro. If you are a developer who writes third party apps then you
> should stick to a released distro, too. But of course you should
> really make sure to run the latest one.

You know as well as I do that not everybody can run the latest bleeding-edge distro. The reasons are the same as why you would not recommend end-users make everyday use of the git version of Pulse.

My main concern is that of security, which is the main scenario where you would want to update to a recent version of Pulse in a "stable" environment. PulseAudio has not been free of security issues, and yet I don't know of any "security-only" releases. (Please correct me if I am wrong.)

If a security issue is discovered in Pulse, affecting several of the latest versions, and a new version is released to correct the security hole (as of the time of writing, that would be 0.9.19.1 or 0.9.20), then what should those running stable distros do? Obviously we can't update system libraries such as udev, BlueZ, etc. when we just want the security fix. At the same time, Pulse's current attitude towards dependencies means running the latest Pulse on the system without upgrading much of the core will be problematic.

To say that...

On Mon, 2009-10-05 at 23:04 +0200, Lennart Poettering wrote:
> PA is pretty tightly integrated into the system. Consider it part of
> the OS itself. So it is only feasible to update the entire OS or
> nothing at all.

...does not address the security implications of not updating, in which not updating would lead to compromised systems (e.g. if an Adobe Flash animation could exploit PulseAudio by playing the audio of a Vista install disc backwards).

Is there a "best practice" or other tip you can give us to prepare for these situations in which we really do need to upgrade?

Cheers,
Jeremy.