Nathan G. Grennan wrote:
There are also issues that end up isolated to Fedora Core 1, like the current situation with gaim. There are vulnerabilities in gaim(patch available, Debian has used it) and there is no sign of a patched rpm for Fedora.
Nathan,
Fedora is still a newborn distribution. The guys at redhat have to keep their main line updated and also keep fedora updated as well.. However , this is a lot of work , as it usually means backporting security fixes to two or three versions of a given software. It may take a while , but we'll get to a point where the community will be strong enough to keep Fedora updated and secure. Meanwhile , we'll have to count on the guys from RH for this...
However, I dont see this as an issue. I'm running a local repository at my work and it is in sync with the main mirrors. All the fixes are available on testing as soon as they are available for RH9 , for example. So , I believe that we , as fedora users , are given a better product , as the patches are being tested a lot more on real conditions before being officially released on the updates channel. I use the testing repositories on my desktop machines to help testing the packages before they are released. On my servers , I simply dont use them , because downtime isnt acceptable for us (even the chance of having downtime isnt acceptable).
-- Pedro Macedo
