[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Security Response Team / EOL



On Sat, Apr 29, 2006 at 11:54:27AM -0400, Jesse Keating wrote:
> On Sat, 2006-04-29 at 17:42 +0200, Axel Thimm wrote:
> > I think we're arguing on the same side. We all want to look
> > forward with our packaging. And freezing upgrades on legacy
> > releases will only make packagers spend more time with old stuff
> > (backporting security fixes) that will then be missed with ongoing
> > stuff. Even in the ideal situation of 2 current and 2 legacy
> > releases you end up maintaining 3 versions of a package. And right
> > now we are still far from 2 legacy releases (we're at 5).
> 
> Ok, here's the source of our problem.  You've assumed that security
> fixes have to be backported.  Nowhere is this / should this be said.

Well, it was suggested on this thread and wasn't outruled (yet).

> I'm perfectly fine with doing package UPgrades to fix a security
> issue.  I just don't want to see upgrades just for the sake of
> upgrades.  Upgrades should happen only to resolve a security issue.
-- 
Axel.Thimm at ATrpms.net

Attachment: pgpCL2MUN6JdM.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]