[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Fedora products, to upgrade rather than backport?

From: "Stephen John Smoogen" <smooge gmail com>
To: "Discussion of the Fedora Legacy Project" <fedora-legacy-list redhat com>
Subject: Re: Fedora products, to upgrade rather than backport?
Date: Mon, 15 May 2006 15:13:39 -0600

On 5/15/06, Eric Rostetter <rostetter mail utexas edu> wrote:

Quoting Stephen John Smoogen <smooge gmail com>:

> Third, how expert are you (the patcher) on what the vulnerability is,
> what the code is, and how you are 'stopping' the vulnerability from
> being there.

I'm not sure that should come into play per se.


Does this explain it better?

If you are not familiar with the code base and having to figure out a
backpatch by hand (e.g. there is no available one for that release,
etc), then how sure are you that you have fixed the security problem
without opening another security problem?



--
Stephen J Smoogen.
CSIRT/Linux System Administrator

Follow-Ups:
- Re: Fedora products, to upgrade rather than backport?
  - From: Eric Rostetter

References:
- Fedora products, to upgrade rather than backport?
  - From: Jesse Keating
- Re: Fedora products, to upgrade rather than backport?
  - From: Stephen John Smoogen
- Re: Fedora products, to upgrade rather than backport?
  - From: Eric Rostetter

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]