Security release criterion proposal

cdahlin at cdahlin at
Wed May 18 18:01:51 UTC 2011

On Wed, May 18, 2011 at 10:44:16AM -0700, Adam Williamson wrote:
> Well, I think his point is that it's almost certain that some 'unknown'
> exposures will become 'known' during the life cycle of a release, at
> which point the live images we release three months previously are
> vulnerable to a known security exploit and there's exactly nothing we
> can do about it


> so worrying about the ones we _can_ fix at release
> time becomes less important, when viewed from that perspective.


Shipping a  safe product is a goal that ethically demands our best
effort, even if we'll never be totally successful. Not being able to get
them all makes the ones we can get more important, not less.


More information about the devel mailing list