On Tue, Apr 25, 2006 at 05:17:19PM +0200, Philipp Wollermann wrote:
Hi,
Marcus Meissner wrote:
The latest security bugs in FF 1.5.x have been applied already, check the changelog... A version upgrade wont be done now.
Ciao, Marcus
I don't want to discuss this thing, but maybe someone can explain to me (it's just because I'm interested in the reasons for this method), why distributors choose to manually patch applications, instead of applying minor version updates from upstream? Manually applied patches can't be verified by the user, so as in the Qt 4.1.0 vs. 4.1.2 issue, I would think "SUSE doesn't even bugfix stability issues" even if the patches maybe have been applied manually without increasing the version number..
Certification for products might list specific fixed versions. Because just "minor version updates" in the OSS world occasionaly mean massive changes and it is hard to decide. Or even "minor version updates" break binary compatibility if libraries are provided. There is a class of "leaf packages" like Firefox where this is not so important and where we do upgrades on occassion already. (We did for the Firefox series in older products occasionaly.). The internal policy however sets it to backport if possible, to avoid any problems like the above (or others still unknown). Ciao, Marcus