On Sun, Nov 14, 2010 at 13:59:24 +0100,
Till Maas <opensource(a)till.name> wrote:
> If there are no security updates, people can not apply them. So what is
> worse? If people stop applying updates, then it is at least their
> decision. If there are no updates, people can only choose not to use

Many people are going to just pull updates. They aren't going to make a
decision on their own.

Security updates aren't all created equal. While the case that was
referenced in this was easily remotely exploitable, not all security
issues expose a system to that level of risk.

> The optimal case is to provide well tested security updates fast,
> this is not what Fedora achieves. In my example there is no indication
> that the update was especially tested, because it did not get any karma.
> And it was not provided fast.

There is definitely a problem that needs fixing. But I don't think changing
the goal to untested security updates provided quickly is the preferred

Perhaps we should have a way to draw attention to high priority updates.
Generally we need more testers and need to make them more efficient.
(Test plans for packages can make testing more efficient and accurate.)