[wplug] Red Hat and backporting

Tim Lesher tim at lesher.ws
Fri Jun 13 14:10:53 EDT 2003


On Fri, Jun 13, 2003 at 11:00:44AM -0400, James O'Kane wrote:
> Here is a blurb on why Red Hat backports security patches rather than 
> jumping to the newest version:
> http://www.redhat.com/advice/speaks_backport.html

Interesting article, except for a few points:

"However, backporting has not been given much attention and will be a
new concept to people more familiar with proprietary software."

Not at all, if you've ever worked in a place that either supports
multiple versions of the same software, or else supports a prior
version while working on a new one.  Microsoft does this as well--for
example, when a security fix is needed for an issue that affects
multiple versions of the same product, not built from the same source
tree (e.g., Windows 9x and Windows NT).

"Customers need to be aware that just looking at a version number by
itself doesn't help you know if you are vulnerable to a security
issue."

I think Red Hat could clear up most of these problems by having a
simple explanation of sub-versioning, and by having a single place
where you could see the sub-versions they've released, and the reason
for the re-release.  In other words, an inverse version of the CVE
project.

-- 
Tim Lesher <tim at lesher.ws>
http://www.lesher.ws
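
The listing of sub-versions and their reasons suggested in the message above can be approximated from a package's own changelog. This is an added example, not part of the original post and not Red Hat tooling; it assumes the conventional RPM changelog layout (each entry header ends in version-release), and the changelog, packager and advisory IDs in it are constructed placeholders.

```shell
#!/bin/sh
# Added example: list which package releases mention which advisory IDs.
# Real input would be the output of: rpm -q --changelog <package>

# Reads changelog text on stdin; prints "<version-release><TAB><ids>" for
# every entry that names a CVE-/CAN- identifier.
changelog_fix_index() {
    awk '
        function emit() {
            if (rel != "" && ids != "") printf "%s\t%s\n", rel, ids
        }
        /^\* / {            # entry header: last field is version-release
            emit(); rel = $NF; ids = ""; next
        }
        {
            line = $0
            while (match(line, /(CVE|CAN)-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
                id = substr(line, RSTART, RLENGTH)
                if (index(" " ids " ", " " id " ") == 0)
                    ids = (ids == "" ? id : ids " " id)
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END { emit() }
    '
}

# has_fix ID: succeeds if any entry of the changelog on stdin names ID.
has_fix() {
    changelog_fix_index | awk -F '\t' -v id="$1" '
        { n = split($2, a, " "); for (i = 1; i <= n; i++) if (a[i] == id) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Constructed sample: package name, packager and advisory IDs are placeholders.
sample_changelog() {
    cat <<'EOF'
* Thu Jun 12 2003 Example Packager <pkg@example.invalid> 1.2.3-7
- backport fix for CAN-1900-0002 from upstream 1.4.0
- also covers CVE-1900-0003

* Mon Mar 03 2003 Example Packager <pkg@example.invalid> 1.2.3-5
- rebuild

* Tue Jan 07 2003 Example Packager <pkg@example.invalid> 1.2.3-4
- security fix for CAN-1900-0001
EOF
}

sample_changelog | changelog_fix_index
```

In the sample the upstream version stays at 1.2.3 while only the release suffix changes, so the answer to "is this fixed?" comes from the changelog entry, not from the version number.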