On Sat, 3 Feb 2007, Chris Hall wrote:

On Mon, 29 Jan 2007, Gerald (Jerry) Carter wrote:
Chris Hall wrote:
...but doesn't change my opinion that software should be written to
avoid obscure failure caused by obvious misconfiguration -- particularly
in the case of an upgrade which turns a previously working configuration
into a broken one!

Chris,

This is not a pass the buck argument, but I would push back
on the Fedora folks (IIRC the original context correctly).
No one should have pushed out a 3.0.23a from 3.0.14a via yum.
We have been constantly saying that upgrade releases
(when the minor number changes) have significant differences
from past releases.  The letter releases are bug fix only.

Well, OK... but is there a 3.0.14x which contains all the bug and *security* fixes that 3.0.23 contains?

So you can tell us (developers) that we should make such
sweeping changes and in response I would state that package
maintainers for a distro should not push out such sweeping
changes without properly notifying the distro users.

These days one feels nervous if one is not running the latest, stable version, on the basis that it should be the most secure.

Last time I ran yum it updated 171 packages. The only way that it is practical for me to keep up to date is to depend on the developers to ensure:

 - either, the updates are upwards compatible (if necessary, by
   updating configuration)

 - or, the new software stops gracefully and points me in the right
   direction to complete the update

And I would expect the second case to be (very) rare, and driven by a serious need or (better) a significant feature advantage.

As a developer I understand the cost of upwards compatibility. But where it used to be a matter of convenience when occasionally upgrading for new features, it is now a matter of necessity when frequently upgrading to maintain maximum security.

If I were maintaining a distribution, running to many hundreds of packages, I doubt I would feel it was practical if each one could carry its own little surprise!

Or, you could use Debian Linux which backports security fixes for their stable releases. :)

        Andy