Quoting Stephen John Smoogen <[EMAIL PROTECTED]>:
On 5/15/06, Eric Rostetter <[EMAIL PROTECTED]> wrote:
Quoting Stephen John Smoogen <[EMAIL PROTECTED]>:
Third, how expert are you (the patcher) on what the vulnerability is,
what the code is, and how you are 'stopping' the vulnerability from
being there.
I'm not sure that should come into play per se.
Does this explain it better?
If you are not familiar with the code base and having to figure out a
backpatch by hand (e.g. there is no available one for that release,
etc), then how sure are you that you have fixed the security problem
without opening another security problem?
If you are upgrading the package to a vastly different version, how
sure are you that you didn't open another security problem, or break
something?
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin
Go Longhorns!
--
fedora-legacy-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
