On 2008-08-29 11:42, Tim Edwards wrote:
> Johannes Wiedersich wrote:
>> On 2008-08-28 10:00, Tim Edwards wrote:
>> That's new to me. Where did you get this information? IIRC it's a unique
>> feature of debian (and/or debian based systems) to get security fixes
>> backported. As an example, see suse's security announcements, where
>> first firefox is updated to version 2.0.0.13 [1] and later to 2.0.0.13
                                                                 ^^^^^^^
Sorry for the typo, it should read: 2.0.0.15

>> [2], ie. the fixes are *not* backported to 2.0.0.13.
>
> That's what I mean - they've backported the security/bug updates into
> their firefox 2.0.0.13 package, ie. it's still firefox 2.0.0.13 but with
> some fixes from 2.0.0.16 (or whatever the latest is) included.

No. In this case it seems they replaced firefox 2.0.0.13 by upstream's
next version. (If they'd fix mozilla's code by themselves in a similar
fashion as debian, they wouldn't be allowed to call it 'firefox'. This is
the reason why firefox [was|had to be] rebranded to iceweasel in debian.)

> This is taking a patch and applying it to an older version of the
> software than it was intended
> (http://www.reference.com/search?r=13&q=Backporting) and it's certainly
> not unique to Debian. On RPM distros they increment the release number
> on the RPM when they do this.
>
> http://www.redhat.com/security/updates/backporting/?sc_cid=3093

From this and [1] and [2] (look at the version number of firefox) I infer
that Redhat *sometimes* employs security backports (if they can't escape
it) and usually just upgrades to the next upstream version.

Debian *always* backports security fixes to its stable release.

Cheers,

Johannes

[1] https://www.redhat.com/archives/enterprise-watch-list/2008-July/msg00002.html
[2] https://www.redhat.com/archives/enterprise-watch-list/2008-July/msg00017.html