no mandatory QA testing at all [Re: crazy thought about how to ease QA testing]
Jim Popovitch
jimpop at yahoo.com
Mon Feb 13 17:45:06 UTC 2006
Mike McCarty wrote:
>
> I'd rather run with a known security vulnerability than an untested
> package. With a known security hole, I know some steps I can take
> externally to my box, and know what my vulnerability is. With an
> untested package, I know neither.
Mike, I would generally agree with the above statement; however, most
(99 percent?) of the FL fixes involved code that was written and tested
elsewhere. All FL does is re-apply the same fix to the FL codebase. I
for one am willing to accept a tested fix that is applied to a parallel
codebase over running a known vulnerability. It's not an exact science
but it also isn't running blind.
-Jim P.