[OpenIndiana-discuss] p7zip
Alan Coopersmith
alan.coopersmith at oracle.com
Fri Dec 9 23:12:58 UTC 2016
On 12/8/2016 10:07 PM, Jim Klimov wrote:
> On another hand, is there a particular benefit of patching older versions in userland as CVE fixes come out, rather than taking the newest release (assumed to include all bugfixes known to authors)?
That is a very risky assumption to make - many package authors
don't release new versions just for a security fix, and sometimes
put out new versions even with known security fixes not yet
integrated.
If you're not prepared for handling patches to upstream sources as
an unfortunately common case, then you'll end up with big holes in
your security strategy.
-alan-