so, we've got FC2 now...
Pekka Savola
pekkas at netcore.fi
Tue Apr 12 17:55:32 UTC 2005
On Tue, 12 Apr 2005, Matthew Miller wrote:
> On Tue, Apr 12, 2005 at 05:14:26PM +0300, Pekka Savola wrote:
>> So.. Why do we want these bugs? If Fedora didn't fix them while they
>> had the responsibility, they surely shouldn't be shorned in our
>> direction either ?
>
> Um, because some of them are security bugs that they never got around to
> fixing. That's kind of annoying (Fedora security process definitely seems to
> be disturbingly low priority -- see the perl-suid buffer overflow trivial
> root exploit, for example) but I don't really care whose responsibility it
> ought to be, since there are people who are depending on us to make
> available patches to secure their systems.
If Fedora didn't bother fixing security problems while they had the
responsibility, I don't see why we should feel responsible either.
Sure .. if we're producing an update in any case for RHL or FC1, we
could add FC2, but if the problem is specific to FC2, IMHO it would be
fine to just ignore the security bug.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
More information about the fedora-legacy-list
mailing list