[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 1/4/07, Anne Wilson <[email protected]> wrote:
And there I want to chip in.  One big bugbear is when things that were working
get broken by updates.  I think that one small change would be immensely
helpful here.

Either people don't do updates at all - in which case vulnerabilities mount -
or they get the lot, and things occasionally get broken.  Bear in mind that
this class of user usually doesn't need the absolute latest and greatest -
just a reasonably up-to-date version of his software.  Surely it would be
possible to make a simple way to take security fix updates only?  That way
you could automate the updates for normal use, and they could get other
updates with the aid of someone more knowledgeable if necessary.

Maybe the possibility already exists. If it is, then it needs publicising.
This is a good idea but I think it is largely the way updates already
occur already within a particular version of Fedora ... but not
entirely. There are rarely updates solely to introduce features.
Oftentimes, rather than backporting a security patch included in a
newer version, the newer version gets packaged by the maintainer and
this drags along with it new features (and unfortunately new bugs).
This is done for the sake of efficiency (aka laziness ;]) since
backporting the security fixes to old versions represents a doubling
of the work than just packaging the new version.

I have found that most major snags that come up due to these new bugs
are ironed out within a week or so. So all that would be needed is
some mechanism to only apply updates that are at least a week old
provided there are no newer version that replace them. The dilema is
that your increase your risk of a security breach while at the same
time decreasing your risk of a botched package update. So it is a
tradeoff. Also, a problem would be that if everyone chose to delay
this package installation, there would just be a week added to the bug
discovery :]

I see a version of this happening already. Often a maintainer will
post to the list (probably the fedora-testing or fedora-devel list)
that they are putting out an update in a testing repository a week in
advance to air out any significant bugs. However, I suspect that the
vast majority don't bother volunteering to be the guinea pig and those
that would are already running test candidates of the future Fedora.

/Mike


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]
  Powered by Linux