Why people are not switching to Fedora
Michael Schwendt
mschwendt at gmail.com
Fri May 8 09:27:29 UTC 2015
On Thu, 7 May 2015 23:27:31 +0300, Elad Alfassa wrote:
> Another point is that this repo does not seem to be fast enough with
> security updates, as it is operated by volunteers and doesn't seem to
> have a security response team - so it sometimes takes weeks for
> critical security fixes to be shipped to users.
Wait a minute! You don't really want to open that can of worms.
Do you know any examples about _critical_ vulnerabilities in rpmfusion.org
packages?
Fedora may have a security team, but there are 304 open CVE tickets about
"moderate vulnerabilities" dating back as far as into the year 2012,
and 38 open tickets about "important vulnerabilities" dating back into
early 2013. Example:
https://bugzilla.redhat.com/958305
Reported: 2013-04-30
2015-04-23: Can an update be pushed for this package?
Two years have passed without any activity in that ticket. Not even any
details about whether there have been new upstream releases meanwhile or
whether the issue has been forwarded upstream.
More information about the desktop
mailing list