On 01/18/2016 09:55 PM, Andrei Borzenkov wrote:
>> All,
>> Just a curiosity. Why patch OpenSSH_6.2p2 in a critical update instead of updating to OpenSSH_7.1p2? There are no conflicts between the versions or issues with backwards compatibility. So where is the logic for patching an old version when you could simply package the new version as an update?
>
> Adding a new version introduces the risk of new unknown bugs. This is the exact opposite of the goal of a stable release.

Makes sense... I guess it's a damned if you do/damned if you don't situation. Yes the stability logic makes sense, but it also cuts the other way with the potential avenues for exploit that have been closed by design within the new version... I guess it is better the devil you know here...

--
David C. Rankin, J.D., P.E.