Re: on potato's proftpd
On Wed, Apr 03, 2002 at 03:22:39AM +0200, martin f krafft wrote:
> but give me at least one argument why these acts cannot combine with
> a *temporary* fix uploaded to the so-called "security archives".
There are several good reasons:
- If a band-aid fix is allowed, there is less incentive to find
the correct fix.
- If the problem isn't understood, there is a good chance that the
band-aid doesn't really fix the problem, and a fair chance that
it creates new problems. If there are related problems (eg,
similar bugs in different programs), they may go undiscovered.
- Users would have to upgrade again when the permanent fix is
released. People running production systems like to minimize
changes, so this could make them unhappy.
I think Wichert's position
Andrew
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: