Hi Egan,
On Wed, 21 Feb 2001, Egan wrote:
On Wed, 21 Feb 2001 00:47:29 +0100 (MET), Roman Drahtmueller <draht@suse.de> wrote:
I repeat: We will not provide update packages if there is no security problem with 2.3.0p1.
So we have to wait for the next SuSE release to get important feature upgrades?
we wait until suse thinks it is time, that is what they sell us, or does anyone on this list want to have always the latest/greatest.
On Wed, 21 Feb 2001, Ralf Ronneburger wrote: this was romans note: and that is sure because he is not maintainer of openssh he does security fixes, upgrades are to be done by the package maintainer, as roman noted in his 2nd or so mail. therefore roman puts the point at the end of the sentence. this can only be done without any testing and thinking about extra (extra initialization, extra dependencies, extra documentation). this must be checked by suse, and takes time. (that is apoint too)
If that is SuSE policy, I will be tempted to look elsewhere.
you should look at the source, building one package is not really hard (./configure; make;...) but read the README, CHANGELOG to see how secure it can be.
and it is managable because it is only one package to you, and it is more secure, because it is one package which you know and can watch. suse cant watch youre system so they have to do it at tha labs and this takes time. when suse is up to my package version, i will remove it from my system and install the syse version.
-- BINGO: broaden horizons --- Engelbert Gruber ----=~ SSG Fintl,Gruber,Lassnig A6140 Telfs Untermarkt 9 Tel. ++43-5262-64727 ----=~