On Thu, Mar 18, 2004 at 02:35:41PM +0000, Joe Orton wrote:
> The problem is really that there is no QA team for Fedora which can test
> embargoed security fixes.

The stuff *is* already being tested for RH9, and I seriously doubt that a RH9 QA'ed OpenSSL package behaves any differently on FC1 - given that both have the almost exact same OpenSSL predecessor package.

The only changes between 0.9.7a-20 (RH9 predecessor) and 0.9.7a-23 (current FC1) are:

- add a_mbstr.c fix for 64-bit platforms from CVS
- add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get tagged as not needing executable stacks
- remove exclusivearch

I doubt that pulling in the changes in the RH9 update:

- pull in fix for libssl link line (Tim Waugh, #111154)
- add security fixes for CAN-2004-0079, CAN-2004-0112
- updated ca-bundle.crt: removed expired GeoTrust roots, added freessl.com root, removed trustcenter.de Class 0 root

does invalidate any QA already done. I may be wrong... feel free to clue me in. :-)

> (Unless you want us to do everything
> privately inside Red Hat again, which defeats the point of the project).

Well, Fedora is still a RH-only show. For me, Fedora changes the following things in comparison to RH9 and earlier:

- higher update pace (good)
- less resistance to break stuff to skip hurdles (good)
  [introduction of new stuff, which needs to break backwards compat]
- extremely delayed security updates (showstopper)

Over the years, using Linux became more and more of a tool to do a job (I'm speaking of private use here) - not a self-serving playground. As such, I nowadays use vendor kernels because they are mature enough and have all I need. I simply don't have the time anymore for all this detail fiddling around. This worked nicely for the RH7/RH9 era. But beginning with FC1, I now have to invest significant time just to get security updates for my private systems in place, in order not to be an easy target for the blackhats.

I fully understand that this is all "free beer", so don't get me wrong.

Best regards,
Daniel