On Fri, 2002-12-13 at 12:54, David van Hoose wrote:
> You are not alone.
> I sent RedHat a message addressing the issue about how they are 
> releasing older packages with their set of security fixes rather than 
> helping patch the program's CVS so that ALL of the newer versions of the 
> program will be patched. I find that RedHat is in essence pulling a 
> Micro$oft in that they will not share.
> I find it kind of irritating that RH just released an update for KDE 
> 3.0.3 instead of releasing 3.0.5 which had the same fixes. Some programs 
> should be tested, but others are already being tested and fixed on a 
> daily basis.
> I think that if we all complain about this, that they might modify their 
> policy on security fixes.
> 
> -David
> 
> Matthew Boeckman wrote:


Just an idea... Maybe RedHat has very good reasons for doing it the 
way that they are.

There may be lots of dependencies involved.  Upgrading a package like
KDE or Apache may involve changing the versions of underlying packages
or modules that in turn are dependencies of other packages that would
have to be updated or upgraded to support the change, while just 
changing a few lines of code to address a security issue or bug and 
recompiling is the least disruptive and easiest to test for problems.

Also, there is the old saying "You can please some of the people all of
the time, and all of the people some of the time, but you can't..."

I'm sure that some people would get upset and say:

        Hey! why are you changing versions and dependencies within a 
        release, all I want is the Bug Fix thank you, you are messing
        around with all the integration 'tween apps I have set up on
        my box.

Also, I don't see how anybody can call RedHat an "evil-doer" like 
micros~1.  Redhat is just writing install scripts, making CDs and 
wrapping up packages.  They aren't stopping anybody from getting the
source and doing anything they want with it.
There is nothing stopping anybody from grabbing the source code and
making their own RPMs either.

As far as the timeliness of the security updates, I dunno?
But as far as releasing patched/old  vs. releasing new versions,
what right have I to demand a new version?  I didn't pay for the
new version, I didn't even pay for the software, I just paid for
the CDs, the Manual, and the packaging system and install support.
I think getting critical bug and security patches is about all
I have a right to complain about.

-Ben.


