Lack of update information

Rahul Sundaram sundaram at fedoraproject.org
Mon Jan 26 20:36:05 UTC 2009


Robert Scheck wrote:

> 
> Very good question. When asking, I didn't get a real answer. Sometimes, a
> public proof of concept exists already. Maybe the intention is, that if
> they make the security issue public, the vendors had time to put updated
> packages into their systems. Luckily, that doesn't happen all the time, but
> only sometimes. If you click through my phpMyAdmin updates, you will find
> some bug reports referencing "not yet clearly specified security issue" or
> similar things. Much more can a packager not do, I would guess.

Maybe you can take this up to

http://lists.freedesktop.org/mailman/listinfo/distributions

Collectively apply some pressure to upstream or atleast find good 
consistent workarounds.

Rahul




More information about the fedora-devel-list mailing list