Stability and Release Cycles - An Idea
Les Mikesell
lesmikesell at gmail.com
Mon Dec 22 17:39:24 UTC 2008
Alan Cox wrote:
> On Mon, Dec 22, 2008 at 06:17:10PM +0100, Kevin Kofler wrote:
>> And I think pushing out security updates, even if they're completely
>> untested, would still be better than no updates at all.
>
> No because you create the illusion of security which is more dangerous than
> knowing a system is insecure - in the latter case people at least take
> appropriate precautions.
>
> If you've tested the security side then yes it probably is better than no
> updates at all.
Can you really make an argument that ignoring a real, known
vulnerability is always better than an attempt at a fix - especially in
Fedora where the pre-EOL updates don't get much testing either?

Personally, I think the correct approach is to replace such things with
a rebuilt RHEL version where the fix will actually have some QA before
dropping into users' laps, but...
--
Les Mikesell
lesmikesell at gmail.com