On 06 Apr 2011, at 7:24 PM, Tab Atkins Jr. wrote:

> When a security bug is encountered, either the browsers update to a
> new version of sqlite (if it's already been fixed), thus potentially
> breaking sites, or they patch sqlite and then upgrade to the patched
> version, thus potentially breaking sites, or they fork sqlite and
> patch the error only in their forked version, still potentially
> breaking sites but also forking the project.  The only thing that is
> *not* a valid possibility is the browsers staying on the single fixed
> version, thus continuing to expose their users to the security bug.
> 
> ~TJ

Browser vendors are moving to shorter and shorter release cycles. People have 
stopped viewing these things through the "IE6-here-forever" lens. Browsers are 
starting to update themselves automatically, even nightly. If a security issue 
were to be found, it would be highly unlikely that its patch would break any 
SQL interface of SQLite.
