Fedora products, to upgrade rather than backport?
Eric Rostetter
rostetter at mail.utexas.edu
Mon May 15 21:33:08 UTC 2006
Quoting Stephen John Smoogen <smooge at gmail.com>:
> On 5/15/06, Eric Rostetter <rostetter at mail.utexas.edu> wrote:
>> Quoting Stephen John Smoogen <smooge at gmail.com>:
>>
>
>>> Third, how expert are you (the patcher) on what the vulnerability is,
>>> what the code is, and how you are 'stopping' the vulnerability from
>>> being there.
>>
>> I'm not sure that should come into play per se.
>>
>
> Does this explain it better?
>
> If you are not familiar with the code base and having to figure out a
> backpatch by hand (e.g. there is no available one for that release,
> etc), then how sure are you that you have fixed the security problem
> without opening another security problem?
If you are upgrading the package to a vastly different version, how
sure are you that you didn't open another security problem, or break
something?
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin
Go Longhorns!