On 05.12.2007 11:30, Patrice Dumas wrote:
On Mon, Nov 26, 2007 at 05:18:19PM +0100, Thorsten Leemhuis wrote:
> Sure it's dangerous and problematic -- but it's IMHO still way better
> then to not ship a package just for hypothetical situation where a major
> update might be the only way forward if a security issues comes up.
> Besides: if we want to update for non-security reasons we can provide
> compat packages as well, which should solve parts of the problem.
Ok, but then what to do when a security issue is discovered in the
package that is also relevant for the compat package but we don't want
to backport it? Simply remove the compat package from the repo?
If there was a warning period or something like that, round about: yes.
Note that even RHEL does that iirc. Didn't they for example switch from
mozilla to seamonkey?
Cu
knurd