2010/3/2 Adam Williamson <awilliam(a)redhat.com>:
On Tue, 2010-03-02 at 10:57 -0500, Frank Ch. Eigler wrote:
> Doesn't "just not running random/unrestricted yum update" exactly
> encode that option?
If you're happy to live with unsecure software, certainly =)
you can try and cherry-pick security updates, but then you get the
problem where initial release has Foobar 1.0, then Foobar 3.5 gets
shipped in updates, then a security problem emerges and Foobar 3.5-2
with the security fix gets shipped in updates. You now have a choice of
unsecure Foobar 1.0, or completely new version Foobar 3.6.
Yes, and that will always be the case unless you are hiring a lot of
developers to backport security fixes. Oh wait ... isn't that what
RHEL is about?
- Thomas