Fedora products, to upgrade rather than backport?
Stephen John Smoogen
smooge at gmail.com
Mon May 15 21:13:39 UTC 2006
On 5/15/06, Eric Rostetter <rostetter at mail.utexas.edu> wrote:
> Quoting Stephen John Smoogen <smooge at gmail.com>:
>
> > Third, how expert are you (the patcher) on what the vulnerability is,
> > what the code is, and how you are 'stopping' the vulnerability from
> > being there.
>
> I'm not sure that should come into play per se.
>
Does this explain it better?
If you are not familiar with the code base and having to figure out a
backpatch by hand (e.g. there is no available one for that release,
etc), then how sure are you that you have fixed the security problem
without opening another security problem?
--
Stephen J Smoogen.
CSIRT/Linux System Administrator
More information about the fedora-legacy-list
mailing list