On Thu, 30 Jan 2020 at 15:47, Richard Shaw <hobbes1...@gmail.com> wrote: > > 4. I'm not a C/C++ programmer and certainly not a security expert. If I can > find a link to a fix for another distro, such as debian, I'll apply it but > more often than not there's nothing there when I look. I'll even file an > issue upstream but most of the time it's ignored. >
Programming language knowledge doesn't imply intimate knowledge of every software development framework a program written in that language may be based on. Neither does it imply intimidate knowledge of the program and its source code. That is when packagers consult upstream developers, and not even for upstream developers all security issues are trivial to fix. Sometimes potential fixes are controversial and require software development that goes far beyond what packagers do. > 5. A of times it's for an EPEL package that's much older than the current > release so the fix for Fedora can't be easily applied to EPEL. > Also true. _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
