On Wed, Sep 22, 2010 at 17:01:02 +0200,
Tomas Mraz <tmraz(a)redhat.com> wrote:
I say that the example of Webkit should be removed because if it is
not
possible to backport the security patch and due to the version update
Midori has to be updated to a new version regardless of the changes of
user experience. The part of the example "judgement call based on how
intrusive the changes are" does not make any sense. We just cannot keep
the old insecure version regardless on how intrusive the changes are.
Security isn't binary. It may be that a security update addresses an issue
that can not happen in normal cases. It might be reasonable to just document
the cases where there is a problem so as to warn people not to do that.