[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Security Response Team / EOL



Josh Bressers (bressers redhat com) said: 
> There are other distributions that have used this policy in the past.  The
> result ends up being if the fix is bigger than a breadbox, it just never
> gets fixed.  The deciding factor should be which one is less invasive, and
> that decision should be up to the packagers and the security response team.
> There are times it's easier to apply a patch, there are times that one must
> upgrade.

A good example would be any sufficiently large and complex code base...
the mozilla stack would apply here - in many cases, backporting would
be an onerous task compared to simply upgrading to the new version with
the security fix.

Bill


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]