On Tue, 2010-03-02 at 18:08 +0100, Thomas Moschny wrote:
> you can try and cherry-pick security updates, but then you get
the
> problem where initial release has Foobar 1.0, then Foobar 3.5 gets
> shipped in updates, then a security problem emerges and Foobar 3.5-2
> with the security fix gets shipped in updates. You now have a choice of
> unsecure Foobar 1.0, or completely new version Foobar 3.6.
Yes, and that will always be the case unless you are hiring a lot of
developers to backport security fixes. Oh wait ... isn't that what
RHEL is about?
Other distributions manage this perfectly well without egregious version
bumps.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net