Security updates are too slow or none existant

Pedro Fernandes Macedo webmaster at margo.bijoux.nom.br
Sun Feb 8 00:52:29 UTC 2004


Nathan G. Grennan wrote:

>   There are also issues that end up isolated to Fedora Core 1, like the
>current situation with gaim. There are vulnerabilities in gaim(patch
>available, Debian has used it) and there is no sign of a patched rpm for
>Fedora.
>
>  
>
Nathan,

Fedora is still a newborn distribution. The guys at redhat have to keep 
their main line updated and also keep fedora updated as well.. However , 
this is a lot of work , as it usually means backporting security fixes 
to two or three versions of a given software. It may take a while , but 
we'll get to a point where the community will be strong enough to keep 
Fedora updated and secure. Meanwhile , we'll have to count on the guys 
from RH for this...
However, I dont see this as an issue. I'm running a local repository at 
my work and it is in sync with the main mirrors. All the fixes are 
available on testing as soon as they are available for RH9 , for 
example. So , I believe that we , as fedora users , are given a better 
product , as the patches are being tested a lot more on real conditions 
before being officially released on the updates channel. I use the 
testing repositories on my desktop machines to help testing the packages 
before they are released. On my servers , I simply dont use them , 
because downtime isnt acceptable for us (even the chance of having 
downtime isnt acceptable).

--
Pedro Macedo





More information about the fedora-list mailing list