Mailinglist Archive: opensuse (783 mails)

Re: [opensuse] Sufficiently patched OpenSUSE?
  • From: Knurpht - Gertjan Lettink <knurpht@xxxxxxxxxxxx>
  • Date: Fri, 06 Oct 2017 23:46:00 +0200
  • Message-id: <5868559.22yzpUW9Ig@knurpht-hp>
On Friday 6 October 2017 21:14:02 CEST, John Andersen wrote:
> On 10/05/2017 06:22 AM, Carlos E. R. wrote:
>> Any security "scanning" based on packages release versions on openSUSE
>> is absurd, and your security officer should know it.
>
> Why should they know this piece of trivia on a "Community" Linux version
> that is experiencing decreasing market share year by year?
>
> Version numbers exist for a reason.
>
> Opensuse's method of patching but leaving the
> number the same is just lazy (and dangerous). They should be applying
> community pressure to those packages that use EQUAL in their dependencies
> rather than GREATER OR EQUAL unless there is a clearly demonstrated reason
> that can't possibly work.
>
> Backward compatibility works in the vast majority of cases until or unless
> you run into major version issues. (QT4-->QT5).
> And THOSE are better handled by package systems than fudging version
> numbers.
>
> I'm not aware of any other distro that does it the Opensuse way. And it
> means a huge paper chase just to check if a patch has been applied.
>
> If Opensuse is moving toward a rolling release, this practice has to stop,
> and a more sane and standardized approach has to be taken. The world can't
> be expected to keep track of the idiosyncrasies of each linux distro.

Please learn to write "openSUSE". That's the name of the distro.
For the rest: read about the phenomenon of backporting.
Plus, John, you do not have to run openSUSE. Why should you if the people
building it do it all wrong?

--
Gertjan Lettink, a.k.a. Knurpht

openSUSE Board Member
openSUSE Forums Team
