
Re: Lack of update information



On Mon, 26 Jan 2009, Kevin Kofler wrote:
> diff -Nur foo-old foo-new
> and you'll see fairly quickly what they fixed. (And it's also trivial for a
> cracker to do that, so it's utterly pointless to try withholding
> information that way.)

In theory, yes. But nearly always, these upstreams are putting the security
fixes into the forward development. Further development, sometimes even
code rewrites after the last stable release, and at some point a security fix
don't make it that easily readable (a unified diff can be ~2500-7500 lines). For PHP
that might be easily readable, but when one is not a C coder, reading/seeing
an overflow, memory games or other leaks might be harder in such a diff.


Greetings,
  Robert

