Lack of update information

Robert Scheck robert at fedoraproject.org
Mon Jan 26 23:03:41 UTC 2009


On Mon, 26 Jan 2009, Kevin Kofler wrote:
> diff -Nur foo-old foo-new
> and you'll see fairly quickly what they fixed. (And it's also trivial for a
> cracker to do that, so it's utterly pointless to try withholding
> information that way.)

In theory, yes. But nearly always, these upstreams are putting the security
fixes into the forward development. With further development, sometimes even
code rewrites after the last stable release, a security fix is sometimes not
that easy to read (a unified diff can be ~ 2500-7500 lines). For PHP that
might be easily readable, but when you are not a C coder, reading/seeing an
overflow, memory games or other leaks in such a diff might be harder.


Greetings,
  Robert
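Kevin's `diff -Nur foo-old foo-new` and Robert's objection that the fix is buried in thousands of lines of unrelated rewrite both describe the same triage problem: which hunks of a big upstream diff are worth a C reviewer's time. The script below is an added example for this thread, not code from either poster, from Fedora or from any upstream project. It parses a constructed `diff -Nur` sample (the file names, code and ChangeLog text are hypothetical) into hunks, using the `@@` line counts so that a removed line beginning with `---` is never mistaken for a file header, and then ranks the hunks with cheap heuristics: an added `if (... < ...)` involving a length or `sizeof`, edits adjacent to `memcpy`/`strcpy`-style calls, and keywords such as "overflow" in a ChangeLog. Whitespace-only hunks are demoted to the bottom. The rules are triage hints, not a vulnerability detector.

```python
"""Rank the hunks of a large `diff -Nur old new` by how likely they are to
carry a silent memory-safety fix.  Added illustration for the thread above;
the sample diff is constructed and the scoring rules are heuristics only."""
import re
from dataclasses import dataclass, field

# Constructed sample in `diff -Nur foo-old foo-new` format (hypothetical files).
SAMPLE_DIFF = """\
diff -Nur foo-old/ChangeLog foo-new/ChangeLog
--- foo-old/ChangeLog\t2009-01-10 12:00:00.000000000 +0000
+++ foo-new/ChangeLog\t2009-01-25 12:00:00.000000000 +0000
@@ -1,3 +1,5 @@
+2009-01-25  Upstream Dev  <dev@example.org>
+\t* Fix heap overflow in header parser, rework option handling.
 2009-01-10  Upstream Dev  <dev@example.org>
 \t* Release 1.2.
 \t* Add new --verbose flag.
diff -Nur foo-old/src/main.c foo-new/src/main.c
--- foo-old/src/main.c\t2009-01-10 12:00:00.000000000 +0000
+++ foo-new/src/main.c\t2009-01-25 12:00:00.000000000 +0000
@@ -10,5 +10,5 @@
 int main(int argc, char **argv)
 {
-    int rc=run(argc,argv);
+    int rc = run(argc, argv);
     return rc;
 }
diff -Nur foo-old/src/parse.c foo-new/src/parse.c
--- foo-old/src/parse.c\t2009-01-10 12:00:00.000000000 +0000
+++ foo-new/src/parse.c\t2009-01-25 12:00:00.000000000 +0000
@@ -40,8 +40,11 @@ static int read_header(const char *in, size_t len)
 {
     char buf[64];
 
-    /* copy the raw header for later inspection */
+    if (len >= sizeof(buf))
+        return -1;
+
+    /* copy the raw header for later inspection */
     memcpy(buf, in, len);
     buf[len] = '\\0';
     return parse_fields(buf);
 }
diff -Nur foo-old/src/util.c foo-new/src/util.c
--- foo-old/src/util.c\t2009-01-10 12:00:00.000000000 +0000
+++ foo-new/src/util.c\t2009-01-25 12:00:00.000000000 +0000
@@ -5,6 +5,6 @@
 #include "util.h"
 
-int old_helper(int x)
+int new_helper(int x)
 {
-    return x+1;
+    return x + 1;
 }
"""

HUNK_RE = re.compile(r'^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@')
RISKY_CALL = re.compile(r'\b(strcpy|strcat|sprintf|vsprintf|gets|memcpy|memmove'
                        r'|strncpy|alloca|malloc|realloc|free)\s*\(')
BOUNDS_CHECK = re.compile(r'\bif\s*\(.*(<=|>=|<|>)')      # a comparison inside an if
SIZE_WORD = re.compile(r'\b(len|length|size|sizeof|count|cnt)\b')
KEYWORDS = re.compile(r'overflow|underflow|off-by-one|bounds|use-after-free'
                      r'|double free|format string|CVE-\d{4}-\d+', re.I)


@dataclass
class Hunk:
    path: str
    header: str
    added: list = field(default_factory=list)
    removed: list = field(default_factory=list)
    context: list = field(default_factory=list)
    score: int = 0
    reasons: list = field(default_factory=list)


def parse_unified_diff(text):
    """Split unified-diff text into Hunk objects.  Lines are attributed to a
    hunk by the old/new counts in its @@ header, so `---`/`+++` are only read
    as file headers once a hunk's counts are exhausted."""
    hunks, path, cur, old_left, new_left = [], None, None, 0, 0
    for line in text.splitlines():
        if cur is not None and (old_left > 0 or new_left > 0):
            tag, body = (line[0], line[1:]) if line else (' ', '')  # "" = stripped blank context
            if tag == '+':
                cur.added.append(body); new_left -= 1
            elif tag == '-':
                cur.removed.append(body); old_left -= 1
            elif tag != '\\':                      # skip "\ No newline at end of file"
                cur.context.append(body); old_left -= 1; new_left -= 1
            continue
        m = HUNK_RE.match(line)
        if m:
            old_left, new_left = int(m.group(2) or '1'), int(m.group(4) or '1')
            cur = Hunk(path=path, header=line)
            hunks.append(cur)
        elif line.startswith('+++ '):
            path = line[4:].split('\t')[0]         # drop the timestamp column
    return hunks


def score_hunk(h):
    """Attach a heuristic score and human-readable reasons to one hunk."""
    norm = lambda s: re.sub(r'\s+', '', s)
    if (h.added or h.removed) and sorted(map(norm, h.added)) == sorted(map(norm, h.removed)):
        h.reasons.append('whitespace-only change')
        return h
    for line in h.added:
        if BOUNDS_CHECK.search(line) and SIZE_WORD.search(line):
            h.score += 3; h.reasons.append('bounds check added: ' + line.strip())
        if RISKY_CALL.search(line):
            h.score += 2; h.reasons.append('risky call added: ' + line.strip())
        if KEYWORDS.search(line):
            h.score += 2; h.reasons.append('keyword: ' + line.strip())
    for line in h.removed:
        if RISKY_CALL.search(line):
            h.score += 1; h.reasons.append('risky call removed: ' + line.strip())
    if any(RISKY_CALL.search(l) for l in h.context):
        h.score += 1; h.reasons.append('edits next to a memory/string call')
    return h


def rank_hunks(text):
    """Parse, score and sort hunks, highest score first (stable order otherwise)."""
    return sorted((score_hunk(h) for h in parse_unified_diff(text)),
                  key=lambda h: h.score, reverse=True)


if __name__ == '__main__':
    for h in rank_hunks(SAMPLE_DIFF):
        print(f'{h.score:2d}  {h.path}  {h.header}')
        for r in h.reasons:
            print('      -', r)
```

On the constructed sample the `src/parse.c` hunk (new length check in front of a `memcpy`) comes out on top, the ChangeLog line mentioning an overflow second, and the two cosmetic hunks last. On a real 5000-line rebase diff the list is a reading order, not a verdict: a reviewer still has to open the top hunks, and a fix expressed as a type change or an arithmetic reorder will score zero.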




More information about the fedora-devel-list mailing list