On Wednesday, 26 April 2006 11:21, Marcus Meissner wrote:
> On Wed, Apr 26, 2006 at 11:17:27AM +0200, Ulrich Windl wrote:
>> Hi!
>>
>> I really don't understand why a media with dangerous software is released after a SuSE security announcement is out already. Maybe the Yast team should invent an Online Update for the release tree (to be applied before release then).
>
> It is already fixed on the media.
> Just with source patches instead of a version upgrade.
>
> Ciao, Marcus

The one problem I have with this situation is when projects like Mozilla turn round and give out a press release that there are security issues with 1.5.0.1 and all users should upgrade to 1.5.0.2 (well, Secunia announced today that 1.5.0.2 has a new vulnerability, so I guess 1.5.0.3 will be the current version in a couple of days). If a user isn't on the security announce list or hasn't seen this conversation, then they will assume that the version 1.5.0.1 that they have is compromised and will be looking for a 1.5.0.2 coming as a security fix over YOU, and when it doesn't appear, they will be complaining about SUSE not updating for security fixes and complaining about how hard it is trying to install the .tar.gz from the Mozilla site... This doesn't do either side any good.

I can understand some of the reasons for doing the patching this way, but it just confuses the ordinary user who doesn't join any of the mailing lists. If they have 1.5.0.1 and Mozilla are saying upgrade to 1.5.0.2 because all older versions are insecure, how are they to know that SUSE have back-patched the relevant fixes? Probably a very small portion of the total user base join the factory list or security-announce...

For example, I've been a SUSE user for around 5 years, but I only joined the mailing lists in November/December last year. If I hadn't read the relevant mails on the lists, I'd probably be cursing SUSE and downloading .0.2 from the Mozilla site...

Dave

--
"I got to go figure," the tenant said. "We all got to figure. There's some way to stop this. It's not like lightning or earthquakes. We've got a bad thing made by men, and by God that's something we can change." - The Grapes of Wrath, by John Steinbeck