On Mon, 2010-06-21 at 18:47 -0500, C Anthony Risinger wrote:
On Jun 21, 2010, at 6:37 PM, Andres P <aepd87@gmail.com> wrote:
2010/6/21 Ng Oon-Ee <ngoonee@gmail.com>:
bugs with upstream, which may not be the case with 5-10 security- patches from git/svn).
This is just pessimistic outlook. Having patches means that you're actually contributing upstream instead of leaching the latest ver every 3 weeks.
People need to stop with the notion that patching is bad. As long as you submit upstream, it's anything but a detriment. Upstream *wants* you to fix their crap.
Andres P
He said from git/svn... ie backporting, not contributing.
C Anthony
Thanks Anthony. I guess my statement IS unclear. @Andres I agree that contributing patches upstream is ideal, but (pessimistic outlook again) I doubt the size of the security team will be enough to allow them to write and test significant patches, which leads to the assumption that their main job would be to identify holes and grab patches from upstream (or Fedora/Debian/whatever) to fix those holes while waiting for upstream to go through whatever verification process they need. Those patches would come from a patchwork of places (upstream's git/svn, fedora/debian patch, etc.), and make it a bit harder to keep things stable.