[arch-general] Important notice on the Arch Security Team to the whole Arch Linux community.
Ng Oon-Ee
ngoonee at gmail.com
Mon Jun 21 21:02:25 EDT 2010
On Mon, 2010-06-21 at 18:47 -0500, C Anthony Risinger wrote:
> On Jun 21, 2010, at 6:37 PM, Andres P <aepd87 at gmail.com> wrote:
>
> > 2010/6/21 Ng Oon-Ee <ngoonee at gmail.com>:
> >> bugs with upstream, which may not be the case with 5-10 security-
> >> patches
> >> from git/svn).
> >
> > This is just pessimistic outlook. Having patches means that you're
> > actually
> > contributing upstream instead of leaching the latest ver every 3
> > weeks.
> >
> > People need to stop with the notion that patching is bad. As long as
> > you submit
> > upstream, it's anything but a detriment. Upstream *wants* you to fix
> > their
> > crap.
> >
> > Andres P
>
> He said from git/svn... ie backporting, not contributing.
>
> C Anthony
Thanks Anthony. I guess my statement IS unclear.
@Andres I agree that contributing patches upstream is ideal, but
(pessimistic outlook again) I doubt the size of the security team will
be enough to allow them to write and test significant patches, which
leads to the assumption that their main job would be to identify holes
and grab patches from upstream (or Fedora/Debian/whatever) to fix those
holes while waiting for upstream to go through whatever verification
process they need. Those patches would come from a patchwork of places
(upstream's git/svn, fedora/debian patch, etc.), and make it a bit
harder to keep things stable.
More information about the arch-general
mailing list