Juha Saarinen wrote:
On 8/23/06, Nico Meijer <[EMAIL PROTECTED]> wrote:
Set up another, non-production, box with 3.9 and build -stable on that.
Follow `man release` and read the upgrade guide on how to extract the
sets.
Seems a slightly cumbersome way to deal with security issues which may
be urgent, but perhaps that's just me?
THEN PUT THE COMPILER ON THE COMPUTER IN QUESTION! Sheesh.
"Hi, I just shot myself in the foot, and it really hurts. I don't think
it should be that way" uh..then watch where you store your bullets.
Having a mechanism to support your production machines with updates and
upgrades has to be part of your system.
If you opt to make the system more difficult to update by leaving
off the compiler, you have to do something else to do the builds
If you are worried about urgent, you have a system that can build
rapidly, not in days...
Very eloquent arguments have been made for why leaving compilers off
systems INCREASES security risks due to making the system hard to update.
Nick.
