On Jul 29, 2013, at 11:19 PM, Antoine Pitrou <solip...@pitrou.net> wrote:

> Noah Kantrowitz <noah <at> coderanger.net> writes:
>>> The whole python.org infrastructure is built on an OS kernel written by
>>> someone who thinks security issues are normal bugs. AFAIK there is no
>>> plan to switch to OpenBSD.
>>
>> This is news to me, we specifically run Ubuntu LTS because Canonical's
>> security response team has a proven track record of handling issues. If
>> you mean that Linus doesn't handle security issues well, then it is
>> fortunate indeed that we don't actually use his software.
>
> Did you already forget what the discussion is about?
> Security/bugfix Ubuntu LTS updates don't break compatibility for the sake of
> hardening things, which is the whole point.

Again, speaking as the guy that has to clean up the mess when they do break 
compat, I promise you they do. Same deal, they only break compat when keeping 
compat would present a threat to users, which is quite often the case with 
security bugs. They are fortunately a bit further ahead of us on the long tail 
of finding problems, so this is far less frequent than it was in years past. We 
will get there too, but like I said, status quo is not a defense here, just 
strap in and hang on.

--Noah

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
Distutils-SIG maillist  -  Distutils-SIG@python.org
http://mail.python.org/mailman/listinfo/distutils-sig
