Bruno Wolff III bruno at
Wed Sep 22 16:31:05 UTC 2010

On Wed, Sep 22, 2010 at 17:27:43 +0200,
  drago01 <drago01 at> wrote:
> On Wed, Sep 22, 2010 at 5:04 PM, Bruno Wolff III <bruno at> wrote:
> > On Wed, Sep 22, 2010 at 17:01:02 +0200,
> >  Tomas Mraz <tmraz at> wrote:
> >> I say that the example of Webkit should be removed because if it is not
> >> possible to backport the security patch and due to the version update
> >> Midori has to be updated to a new version regardless of the changes of
> >> user experience. The part of the example "judgement call based on how
> >> intrusive the changes are" does not make any sense. We just cannot keep
> >> the old insecure version regardless on how intrusive the changes are.
> >
> > Security isn't binary. It may be that a security update addresses an issue
> > that can not happen in normal cases. It might be reasonable to just document
> > the cases where there is a problem so as to warn people not to do that.
> NO, security issues ought to be *fixed* not just documented.

All bugs ought to be fixed. That doesn't mean that if the cost to fix is high,
other alternatives aren't acceptible.

More information about the devel mailing list