Errata?
Bevan C. Bennett
bevan at fulcrummicro.com
Mon Jan 26 19:55:38 UTC 2004
WipeOut wrote:
> Yes I know about the updates dir.. :)
Just checking... no offense.
> If you look at the RH9 errata (
> https://rhn.redhat.com/errata/rh9-errata.html ) there have been 7
> security updates since the last kernel update and these have not been
> updated in Fedora ( make it 6 since the one came out today :) ).. I
> would have hoped that security updates would have a high priority to get
> out on any distro, and thats what I am trying to find out about..
>
> Like I said maybe Fedora does not need these updates because it is
> running newer packages than RH9 anyway..
Hmm. That's actually a good question. FC1 has certainly been right along
with RH9 for the recent kernel updates...
mremap bug in kernel:
RH9 and FC1 released now kernel packages 1/5/2004
CVE CAN-2003-0542 bug in httpd:
RH9 fixed on 12/16/2003, FC1 on 1/8/2004
Perhaps the more recent fixes (slocate, tcpdump, gaim, etc) are being
tested before release and announcement.
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/1/i386/
has recently updated gaim and slocate packages, for example. I haven't
grabbed them to check the changelogs, but it would seem likely that they
have the same fixes.
It's just the different speeds at which updates make the journey from
proposed -> testing -> released update, I suspect.
> I don't mean to upset or offend anyone i am just trying to find out what
> the security policy of the dev team is..
No offense here. The dev team may be more likely to answer if you hop
over to the fedora-devel-list though...
More information about the fedora-list
mailing list