Re: policy change is needed to keep debian secure
On Tue, Aug 23, 2005 at 09:46:54PM +1000, Paul Gear wrote:
> Daniel Sterling wrote:
> > Keeping Debian stable by not changing things is great.
> >
> > Except maybe it's not so great when you're trying to maintain a
> > complicated, buggy, high profile program that handles sensitive user
> > data and untrusted input.
> >
> > Debian stable cannot stay stable without changing, sometimes
> > drastically.
> >
> > Firefox in Debian stable cannot stay stable and secure by not changing.
> > ...
>
> This issue has been done to death already. Please read the archives of
> this list, especially one of Matt Zimmerman's posts in the "On Mozilla-*
> updates" thread, which reads in part:

Paul seems to be working from a different definition of "stable" than the
one used in the context of Debian releases.

From WordNet (r) 2.0 [wn]:

  stable
       adj 1: resistant to change of position or condition; "a stable
              ladder"; "a stable peace"; "a stable relationship";
              "stable prices" [ant: {unstable}]
       2: firm and dependable; subject to little fluctuation; "the
          economy is stable"
       3: not taking part readily in chemical change
       4: maintaining equilibrium
       5: showing little if any change; "a static population" [syn: {static},
          {unchanging}]

That is what stable is about: not changing, or when change is absolutely
necessary, changing as little as possible. A hot new Firefox release may
seem sexy to a Linux enthusiast, but to the novice, or to the corporate IS
administrator, it means risk.

--
- mdz