tmraz at redhat.com
Wed Sep 22 15:51:01 UTC 2010
On Wed, 2010-09-22 at 10:04 -0500, Bruno Wolff III wrote:
> On Wed, Sep 22, 2010 at 17:01:02 +0200,
> Tomas Mraz <tmraz at redhat.com> wrote:
> > I say that the example of Webkit should be removed because if it is not
> > possible to backport the security patch and due to the version update
> > Midori has to be updated to a new version regardless of the changes of
> > user experience. The part of the example "judgement call based on how
> > intrusive the changes are" does not make any sense. We just cannot keep
> > the old insecure version regardless on how intrusive the changes are.
> Security isn't binary. It may be that a security update addresses an issue
> that can not happen in normal cases. It might be reasonable to just document
> the cases where there is a problem so as to warn people not to do that.
Of course, the issue might be very minor, but in that case it is not a
"judgement call based on how intrusive thec changes are" but "judgement
call on whether the pros and cons of doing the update are significantly
in favor of pros"
No matter how far down the wrong road you've gone, turn back.
More information about the devel