Lack of update information
Rahul Sundaram
sundaram at fedoraproject.org
Mon Jan 26 20:36:05 UTC 2009
Robert Scheck wrote:
>
> Very good question. When asking, I didn't get a real answer. Sometimes, a
> public proof of concept exists already. Maybe the intention is, that if
> they make the security issue public, the vendors had time to put updated
> packages into their systems. Luckily, that doesn't happen all the time, but
> only sometimes. If you click through my phpMyAdmin updates, you will find
> some bug reports referencing "not yet clearly specified security issue" or
> similar things. Much more can a packager not do, I would guess.
Maybe you can take this up to
http://lists.freedesktop.org/mailman/listinfo/distributions
Collectively apply some pressure to upstream or atleast find good
consistent workarounds.
Rahul
More information about the fedora-devel-list
mailing list