fedora at leemhuis.info
Wed Dec 5 10:38:01 UTC 2007
On 05.12.2007 11:30, Patrice Dumas wrote:
> On Mon, Nov 26, 2007 at 05:18:19PM +0100, Thorsten Leemhuis wrote:
>> Sure it's dangerous and problematic -- but it's IMHO still way better
>> then to not ship a package just for hypothetical situation where a major
>> update might be the only way forward if a security issues comes up.
>> Besides: if we want to update for non-security reasons we can provide
>> compat packages as well, which should solve parts of the problem.
> Ok, but then what to do when a security issue is discovered in the
> package that is also relevant for the compat package but we don't want
> to backport it? Simply remove the compat package from the repo?
If there was a warning period or something like that, round about: yes.
Note that even RHEL does that iirc. Didn't they for example switch from
mozilla to seamonkey?
More information about the epel-devel-list