pertusus at free.fr
Wed Dec 5 10:30:37 UTC 2007
On Mon, Nov 26, 2007 at 05:18:19PM +0100, Thorsten Leemhuis wrote:
> Sure it's dangerous and problematic -- but it's IMHO still way better
> then to not ship a package just for hypothetical situation where a major
> update might be the only way forward if a security issues comes up.
> Besides: if we want to update for non-security reasons we can provide
> compat packages as well, which should solve parts of the problem.
Ok, but then what to do when a security issue is discovered in the
package that is also relevant for the compat package but we don't want
to backport it? Simply remove the compat package from the repo?
More information about the epel-devel-list