Rolf Kutz un jour écrivit:
On 23/04/08 07:00 -0400, Michael Stone wrote:
disk"--systems maintainence issue.) The end result of data security
processes should lead you to backups or some other contingency plan,
no shoving arbitrary software into stable because it scratches your
itch. Instead of blowing the computer security horn because that horn
happens to have resources attached to it, you should pursue the
general systems maintenance horn because that's what this problem is.
(The you here is plural, and this is an industry-wide problem.)
Ack. But there should be a way to fix rc-bugs even
after release.
I fully agree that this bug doesn't deserve a security update, but I
see no reason for not fixing in 4.0r4 what would normally be considered a
release critical bug.
Since there is not urgency to release, or security issues involved, It
would be easy to publicly ask people to test the fix in order to get
better testing.
I my opinion, the only proper period to include those fix are when
there is a new revision, or maybe before if there is another problem that
already deserve a DSA and that the security team feels comfortable to
include both fix at the same time.
But there should be an official way to get major problems fixed when
the risk of breaking somethings is low enough.
Simon Valiquette
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
