Security Response Team / EOL
Bill Nottingham
notting at redhat.com
Mon May 1 17:16:19 UTC 2006
Josh Bressers (bressers at redhat.com) said:
> There are other distributions that have used this policy in the past. The
> result ends up being if the fix is bigger than a breadbox, it just never
> gets fixed. The deciding factor should be which one is less invasive, and
> that decision should be up to the packagers and the security response team.
> There are times it's easier to apply a patch, there are times that one must
> upgrade.
A good example would be any sufficiently large and complex code base...
the Mozilla stack would apply here - in many cases, backporting would
be an onerous task compared to simply upgrading to the new version with
the security fix.
Bill