On 08/25/2012 11:35 PM, Jamie Duncan wrote:
This is something I've always wondered, but never seen
a consistent attitude on
When a RHEL-derived distribution find new vulnerabilities, what
process do they go to report and address them?
* Do they go directly upstream?
* Do they report them in RHEL's bugzilla?
* Do they patch internally?
* Other?
Over the years I've seen conflicing information in various forums, and
I've always wondered if there was a consistent method that was addressed.
Cheers,
jduncan
For SL, we generally advise posting directly to upstream if it is an
upstream problem. SL issues happen, but generally, problems are best
resolved there. That way the whole community can benefit from the fix
while remaining fully compatible with upstream. One of the best ways we
can give back to our upstream providers is fixes, or at least guide them
towards problems.
--
Pat Riehecky
Scientific Linux Developer