On 25 Apr 2006 at 17:20, Marcus Meissner wrote:

> On Tue, Apr 25, 2006 at 05:17:19PM +0200, Philipp Wollermann wrote:
> > Hi,
> >
> > Marcus Meissner wrote:
> > >The latest security bugs in FF 1.5.x have been applied already, check
> > >the changelog... A version upgrade won't be done now.
> > >
> > >Ciao, Marcus
> > >
> > I don't want to discuss this thing, but maybe someone can explain to me
> > (it's just because I'm interested in the reasons for this method), why
> > distributors choose to manually patch applications, instead of applying
> > minor version updates from upstream? Manually applied patches can't be
> > verified by the user, so as in the Qt 4.1.0 vs. 4.1.2 issue, I would
> > think "SUSE doesn't even bugfix stability issues" even if the patches
> > maybe have been applied manually without increasing the version number..
>
> Certification for products might list specific fixed versions.

OK.

>
> Because just "minor version updates" in the OSS world occasionally
> mean massive changes and it is hard to decide.

It can be, but need not. For every rule there should be exceptions.

>
> Or even "minor version updates" break binary compatibility if libraries
> are provided.

OK, may be, but strictly speaking no security-patched binary is binary-compatible to the non-patched version ;-) So this also depends very much on the details.

>
> There is a class of "leaf packages" like Firefox where this is not so
> important and where we do upgrades on occasion already.
> (We did for the Firefox series in older products occasionally.).
>
> The internal policy however sets it to backport if possible, to avoid
> any problems like the above (or others still unknown).

Generally OK, but sometimes it seems easier to make an exception.

Regards,
Ulrich
