The new Update Acceptance Criteria are broken
matt at mattmccutchen.net
Sun Nov 14 05:52:10 UTC 2010
On Sat, 2010-11-13 at 14:22 +0000, Matthew Garrett wrote:
> On Sat, Nov 13, 2010 at 10:21:30AM +0100, Till Maas wrote:
> > The documented issues do not seem to be as bad as a system being
> > exploited. It is only about dependency breakage or services not working
> > anymore. There is no major data corruption requiring access to backups
> > and restoring the whole system. But this is what people using Fedora
> > with proftpd and being exploited have to do.
> If security updates break functionality then people will stop applying
> security updates.
That may be true in general, but I think Till has given a compelling
example in which many (most?) users would prefer an update with some
probability of being broken to no update. If necessary, we could have a
separate repository of "urgent" updates that sysadmins could choose to
enable or not based on their security and stability needs.
More information about the devel