Stability and Release Cycles - An Idea

Les Mikesell lesmikesell at gmail.com
Mon Dec 22 17:39:24 UTC 2008


Alan Cox wrote:
> On Mon, Dec 22, 2008 at 06:17:10PM +0100, Kevin Kofler wrote:
>> And I think pushing out security updates, even if they're completely
>> untested, would still be better than no updates at all.
> 
> No because you create the illusion of security which is more dangerous than
> knowing a system is insecure - in the latter case people at least take
> appropriate precautions.
> 
> If you've tested the security side then yes it probably is better than no
> updates at all.

Can you really make an argument that ignoring a real, known 
vulnerability is always better than an attempt at a fix - especially in 
Fedora where the pre-EOL updates don't get much testing either?

Personally, I think the correct approach is to replace such things with 
a rebuilt RHEL version where the fix will actually have some QA before 
dropping into users' laps, but...

-- 
   Les Mikesell
    lesmikesell at gmail.com



