FESCo wants to ban direct stable pushes in Bodhi (urgent call for feedback)

Thomas Moschny thomas.moschny at gmail.com
Tue Mar 2 17:08:47 UTC 2010


2010/3/2 Adam Williamson <awilliam at redhat.com>:
> On Tue, 2010-03-02 at 10:57 -0500, Frank Ch. Eigler wrote:
>
>> Doesn't "just not running random/unrestricted yum update" exactly
>> encode that option?
>
> If you're happy to live with unsecure software, certainly =)
>
> You can try and cherry-pick security updates, but then you get the
> problem where initial release has Foobar 1.0, then Foobar 3.5 gets
> shipped in updates, then a security problem emerges and Foobar 3.5-2
> with the security fix gets shipped in updates. You now have a choice of
> unsecure Foobar 1.0, or completely new version Foobar 3.6.

Yes, and that will always be the case unless you are hiring a lot of
developers to backport security fixes. Oh wait ... isn't that what
RHEL is about?

- Thomas

