Security updates are too slow or none existant
Pedro Fernandes Macedo
webmaster at margo.bijoux.nom.br
Sun Feb 8 00:52:29 UTC 2004
Nathan G. Grennan wrote:
> There are also issues that end up isolated to Fedora Core 1, like the
>current situation with gaim. There are vulnerabilities in gaim(patch
>available, Debian has used it) and there is no sign of a patched rpm for
>Fedora.
>
>
>
Nathan,
Fedora is still a newborn distribution. The guys at redhat have to keep
their main line updated and also keep fedora updated as well.. However ,
this is a lot of work , as it usually means backporting security fixes
to two or three versions of a given software. It may take a while , but
we'll get to a point where the community will be strong enough to keep
Fedora updated and secure. Meanwhile , we'll have to count on the guys
from RH for this...
However, I dont see this as an issue. I'm running a local repository at
my work and it is in sync with the main mirrors. All the fixes are
available on testing as soon as they are available for RH9 , for
example. So , I believe that we , as fedora users , are given a better
product , as the patches are being tested a lot more on real conditions
before being officially released on the updates channel. I use the
testing repositories on my desktop machines to help testing the packages
before they are released. On my servers , I simply dont use them ,
because downtime isnt acceptable for us (even the chance of having
downtime isnt acceptable).
--
Pedro Macedo
More information about the fedora-list
mailing list