Security release criterion proposal
cdahlin at redhat.com
Wed May 18 18:01:51 UTC 2011
On Wed, May 18, 2011 at 10:44:16AM -0700, Adam Williamson wrote:
> Well, I think his point is that it's almost certain that some 'unknown'
> exposures will become 'known' during the life cycle of a release, at
> which point the live images we release three months previously are
> vulnerable to a known security exploit and there's exactly nothing we
> can do about it
Yes.
> so worrying about the ones we _can_ fix at release
> time becomes less important, when viewed from that perspective.
No.
Shipping a safe product is a goal that ethically demands our best
effort, even if we'll never be totally successful. Not being able to get
them all makes the ones we can get more important, not less.
--CJD