Re: Fedora products, to upgrade rather than backport?
|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
Quoting Stephen John Smoogen <smooge@xxxxxxxxx>:
On 5/15/06, Eric Rostetter <rostetter@xxxxxxxxxxxxxxx> wrote:Quoting Stephen John Smoogen <smooge@xxxxxxxxx>:Third, how expert are you (the patcher) on what the vulnerability is, what the code is, and how you are 'stopping' the vulnerability from being there.I'm not sure that should come into play per se.Does this explain it better? If you are not familiar with the code base and having to figure out a backpatch by hand (e.g. there is no available one for that release, etc), then how sure are you that you have fixed the security problem without opening another security problem?
If you are upgrading the package to a vastly different version, how sure are you that you didn't open another security problem, or break something? -- Eric Rostetter The Department of Physics The University of Texas at Austin Go Longhorns! -- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
[Fedora Development] [Fedora Announce] [Fedora Legacy Announce] [Fedora Config] [PAM] [Fedora General Discussion] [Big List of Linux Books] [Gimp] [Free Internet Dating] [Yosemite Questions]