| 1 |
21.08.2013 12:17, Tom Wijsman пишет: |
| 2 |
> On Wed, 21 Aug 2013 11:57:22 +0400 |
| 3 |
> Sergey Popov <pinkbyte@g.o> wrote: |
| 4 |
> |
| 5 |
>> 20.08.2013 23:42, Tom Wijsman пишет: |
| 6 |
>>> On Tue, 20 Aug 2013 14:29:09 -0400 |
| 7 |
>>> Wyatt Epp <wyatt.epp@×××××.com> wrote: |
| 8 |
>>>> What manner of bitrot? |
| 9 |
>>> |
| 10 |
>>> They might ... |
| 11 |
>>> |
| 12 |
>>> 2. ... contain security bugs that later versions have fixed. |
| 13 |
>> |
| 14 |
>> There should be security bug on our bugzilla with quick stabilization |
| 15 |
>> on it and(probably) GLSA. |
| 16 |
> |
| 17 |
> Not all security bugs are visible; the older a piece of software, the |
| 18 |
> higher the chance that some people know about one or another exploit |
| 19 |
> that the rest of the world does not know about. |
| 20 |
> |
| 21 |
|
| 22 |
True. But blindly bringing new versions into stable(without testing) |
| 23 |
cause it POSSIBLY(without ChangeLog notes or CVES or whatever) contains |
| 24 |
LESS security problems is not an option. Stable should be reasonable |
| 25 |
|
| 26 |
-- |
| 27 |
Best regards, Sergey Popov |
| 28 |
Gentoo developer |
| 29 |
Gentoo Desktop Effects project lead |
| 30 |
Gentoo Qt project lead |
| 31 |
Gentoo Proxy maintainers project lead |
Archives