On Fri, 2002-12-13 at 12:54, David van Hoose wrote:
> You are not alone.
> I sent RedHat a message addressing the issue about how they are
> releasing older packages with their set of security fixes rather than
> helping patch the program's CVS so that ALL of the newer versions of the
> program will be patched. I find that RedHat is in essence pulling a
> Micro$oft in that they will not share.
> I find it kind of irritating that RH just released an update for KDE
> 3.0.3 instead of releasing 3.0.5 which had the same fixes. Some programs
> should be tested, but others are already being tested and fixed on a
> daily basis.
> I think that if we all complain about this, that they might modify their
> policy on security fixes.
>
> -David
>
> Matthew Boeckman wrote:

Just an idea... Maybe RedHat has very good reasons for doing it the way that they are. There may be lots of dependencies involved. Upgrading a package like KDE or Apache may involve changing the versions of underlying packages or modules that in turn are dependencies of other packages that would have to be updated or upgraded to support the change. While just changing a few lines of code to address a security or bug and recompiling is the least disruptive and easiest to test for problems.

Also, there is the old saying "You can please some of the people all of the time, and all of the people some of the time, but you can't..." I'm sure that some people would get upset and say: Hey! Why are you changing versions and dependencies within a release, all I want is the Bug Fix thank you, you are messing around with all the integration 'tween apps I have set up on my box.

Also, I don't see how anybody can call RedHat an "evil-doer" like micros~1. Redhat is just writing install scripts, making CDs and wrapping up packages. They aren't stopping anybody from getting the source and doing anything they want with it. There is nothing stopping anybody from grabbing the source code and making their own RPMs either.

As far as the timeliness of the security updates, I dunno? But as far as releasing patched/old vs. releasing new versions, what right have I to demand a new version? I didn't pay for the new version, I didn't even pay for the software, I just paid for the CDs, the Manual, and the packaging system and install support. I think getting critical bug and security patches is about all I have a right to complain about.

-Ben.