On Sat, Aug 16, 2003 at 03:50:01PM -0400, Matt Zimmerman wrote:
> On Sat, Aug 16, 2003 at 12:45:20PM -0400, Andrew Pimlott wrote:
> > It could be announced as a potential but unverified hole. Anyway, this
> > whole "decision" thing is overblown for 99% of users. As long as Debian
> > is careful with stable updates, they should be extremely reliable, and
> > most users shouldn't think twice about installing them. I suppose the
> > other 1% can do their own research. I think the benefit in terms of holes
> > closed outweighs the cost of more numerous and less informative updates.
>
> The reason why many users don't have to think about installing the updates
> is because they trust us to be responsible with our changes. In cases where
> the stability of the system is critical, updates will still be scrutinized,
> because downtime must be scheduled. This means that they need to know the
> urgency of the issue.

Installing updates without checking would be very common. With the SSH
update I just went and installed it on all of our machines. If I had known
it would break so many things I would have been more careful (and saved
myself a lot of grief). (Basically, password-less ssh1 keys were no longer
used automatically, breaking many scripts.)

Next time I see an update that upgrades to a completely new version I will
definitely be more careful.

--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/
> "All that is needed for the forces of evil to triumph is for enough good
> men to do nothing." - Edmond Burke
> "The penalty good people pay for not being interested in politics is to be
> governed by people worse than themselves." - Plato