On Wed, 21 Aug 2013 12:21:41 +0400 Sergey Popov <pinkb...@gentoo.org> wrote:
> 21.08.2013 12:17, Tom Wijsman wrote:
> > On Wed, 21 Aug 2013 11:57:22 +0400
> > Sergey Popov <pinkb...@gentoo.org> wrote:
> >
> >> 20.08.2013 23:42, Tom Wijsman wrote:
> >>> On Tue, 20 Aug 2013 14:29:09 -0400
> >>> Wyatt Epp <wyatt....@gmail.com> wrote:
> >>>> What manner of bitrot?
> >>>
> >>> They might ...
> >>>
> >>> 2. ... contain security bugs that later versions have fixed.
> >>
> >> There should be a security bug on our bugzilla with quick
> >> stabilization on it and (probably) a GLSA.
> >
> > Not all security bugs are visible; the older a piece of software,
> > the higher the chance that some people know about one or another
> > exploit that the rest of the world does not know about.
> >
>
> True. But blindly bringing new versions into stable (without testing)
> cause it POSSIBLY (without ChangeLog notes or CVEs or whatever)
> contains LESS security problems is not an option. Stable should be
> reasonable

That's not what I am suggesting. It is not about bringing in new
versions, but about getting rid of OLD versions which LIKELY contain
MORE security problems than you imagine. Keeping them around for too
long a time isn't reasonable...

--
With kind regards,

Tom Wijsman (TomWij)
Gentoo Developer

E-mail address  : tom...@gentoo.org
GPG Public Key  : 6D34E57D
GPG Fingerprint : C165 AF18 AB4C 400B C3D2 ABF0 95B2 1FCD 6D34 E57D