Re: [opensuse] openSUSE-SU-2016:0145-1: critical: openssh - why patch OpenSSH_6.2p2 and not install OpenSSH_7.1p2?
On 01/18/2016 09:55 PM, Andrei Borzenkov wrote:
>> All,
>>
>> Just a curiosity. Why patch OpenSSH_6.2p2 in a critical update instead
>> of updating to OpenSSH_7.1p2? There are no conflicts between the
>> versions or issues with backwards compatibility. So where is the logic
>> for patching an old version when you could simply package the new
>> version as an update?
>>
> Adding a new version introduces the risk of new unknown bugs. This is the
> exact opposite of the goal of a stable release.

Makes sense... I guess it's a damned if you do/damned if you don't situation. Yes, the stability logic makes sense, but it also cuts the other way with the potential avenues for exploit that have been closed by design within the new version... I guess it is better the devil you know here...

--
David C. Rankin, J.D.,P.E.