Tomas Mraz tmraz at
Wed Sep 22 15:51:01 UTC 2010

On Wed, 2010-09-22 at 10:04 -0500, Bruno Wolff III wrote: 
> On Wed, Sep 22, 2010 at 17:01:02 +0200,
>   Tomas Mraz <tmraz at> wrote:
> > I say that the example of Webkit should be removed because if it is not
> > possible to backport the security patch and due to the version update
> > Midori has to be updated to a new version regardless of the changes of
> > user experience. The part of the example "judgement call based on how
> > intrusive the changes are" does not make any sense. We just cannot keep
> > the old insecure version regardless on how intrusive the changes are.
> Security isn't binary. It may be that a security update addresses an issue
> that can not happen in normal cases. It might be reasonable to just document
> the cases where there is a problem so as to warn people not to do that.
Of course, the issue might be very minor, but in that case it is not a
"judgement call based on how intrusive thec changes are" but "judgement
call on whether the pros and cons of doing the update are significantly
in favor of pros"

Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

More information about the devel mailing list