Mailinglist Archive: opensuse (783 mails)

Re: [opensuse] Sufficiently patched OpenSUSE?
On 2017-10-06 21:14, John Andersen wrote:
> On 10/05/2017 06:22 AM, Carlos E. R. wrote:
>> Any security "scanning" based on packages release versions on openSUSE
>> is absurd, and your security officer should know it.
>
> Why should they know this piece of trivia on a "Community" Linux version that is
> experiencing decreasing market share year by year?

Because it has been the published strategy for *decades*?


> Version numbers exist for a reason.
>
> openSUSE's method of patching but leaving the number the same is just lazy
> (and dangerous). They should be applying community pressure to those packages
> that use EQUAL in their dependencies rather than GREATER OR EQUAL unless there
> is a clearly demonstrated reason that can't possibly work.

No way.

> Backward compatibility works in the vast majority of cases until or unless you
> run into major version issues. (QT4-->QT5).
> And THOSE are better handled by package systems than fudging version numbers.
>
> I'm not aware of any other distro that does it the openSUSE way. And it means
> a huge paper chase just to check if a patch has been applied.
>
> If openSUSE is moving toward a rolling release, this practice has to stop, and
> a more sane and standardized approach has to be taken. The world can't be
> expected to keep track of the idiosyncrasies of each Linux distro.

openSUSE _LEAP_ is *not* moving toward a rolling release.

Tumbleweed is a rolling release, and there the policy is reversed and
packages are updated to the newest package available.

--
Cheers / Saludos,

Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)
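
The disagreement in this message comes down to where a fix is recorded. As an added example (not part of the original thread), the sketch below contrasts a version-string comparison with a search of the package changelog, where backported fixes are normally listed; the package name, versions, CVE id and changelog text are constructed placeholders.

```shell
#!/bin/bash
# Constructed sample standing in for `rpm -q --changelog examplepkg` output.
# Package name, versions, CVE id and bug number are placeholders, not real data.
sample_changelog() {
cat <<'EOF'
* Mon Oct 02 2017 packager@example.org
- Add examplepkg-CVE-0000-0001.patch: fix overflow in parser
  (CVE-0000-0001, bsc#0000000)

* Tue Mar 14 2017 packager@example.org
- Update to version 1.2.3
EOF
}

# What a version-only scanner does: compare the installed upstream version
# with the first upstream release that contains the fix.
# $1 = installed version, $2 = first fixed upstream version
naive_version_check() {
    local lowest
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)
    if [ "$1" != "$2" ] && [ "$lowest" = "$1" ]; then
        echo VULNERABLE
    else
        echo OK
    fi
}

# Changelog check: reads a changelog on stdin and looks for the CVE id as a
# whole token (-w), so CVE-0000-0001 does not match CVE-0000-00012.
# NOT_MENTIONED is not proof of exposure; it means "go read the advisory".
# $1 = CVE id
changelog_check() {
    if grep -qwF -- "$1"; then
        echo PATCHED
    else
        echo NOT_MENTIONED
    fi
}

# Same package, two answers: the version string never changed, the patch did.
echo "version-only scanner: $(naive_version_check 1.2.3 1.2.5)"
echo "changelog check:      $(sample_changelog | changelog_check CVE-0000-0001)"
# On an installed system: rpm -q --changelog <package> | changelog_check <CVE id>
```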
