| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | "David E(dot) Wheeler" <david(at)kineticode(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Tim Bunce <Tim(dot)Bunce(at)pobox(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, jd <jd(at)commandprompt(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Safe security |
| Date: | 2010-03-08 17:55:14 |
| Message-ID: | 9837222c1003080955y4f23508ewd7b1341a25a18c4f@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
2010/3/8 David E. Wheeler <david(at)kineticode(dot)com>:
>> Particularly if the vendor chooses to back-patch
>> Safe security fixes without bumping the visible version number, as is
>> not unlikely for Red Hat in particular.
>
> This is why I hate packaging systems. Frankly, Red Hat's Perl has been consistently broken for close to a decade, mainly because of patching practices such as this.
Goes both way - it's the main reason I hate CPAN, and I know many
sysadmins who hold just that position. (to be clear: the lack of
back-branch management on CPAN is what sucks)
But we're not arguing that. We know it's a situation out there, and we
jus thave to deal with it.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2010-03-08 18:04:07 | Re: SQL compatibility reminder: MySQL vs PostgreSQL |
| Previous Message | David Fetter | 2010-03-08 17:43:38 | Re: SQL compatibility reminder: MySQL vs PostgreSQL |