On 08/02/2013 05:06 PM, James Salsman wrote:
> Marc, I note that you have recommended not keeping the Perl CPAN
> modules up to date on Wikimedia Labs:
> http://www.mediawiki.org/w/index.php?title=Wikimedia_Labs/Tool_Labs/Needed_Toolserver_features&diff=678902&oldid=678746
> saying that out of date packages are the "best tested" when in fact
> almost all CPAN packages have their own unit tests. That sort of
> reasoning is certain to allow known security vulnerabilities to
> persist when they could easily be avoided.

Besides being from a few months ago, and unrelated to this conversation, I think that's a mis-characterization of what he said. He said in general he would lean towards "keeping the distribution's versions since those are the better tested ones", but noted it should be looked at on a "package-by-package basis", and that "there may well be good reasons to bump up to a more recent version" (a security vulnerability that the distro isn't fixing rapidly enough would be such a reason). It seems from the context "better tested" meant something like "people are using this in practice in real environments", not only automated testing.

Matt Flaschen

_______________________________________________
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org