[OpenAFS-devel] Re: CVE-2011-0430 and CVE-2011-0431

Russ Allbery rra@stanford.edu
Tue, 08 Mar 2011 09:49:01 -0800


Derrick Brashear <shadow@gmail.com> writes:
> Atro Tossavainen <atro.tossavainen+openafs@helsinki.fi> wrote:

>> I wouldn't even want to try going there :)

>> I was just trying to explain what I thought was the reason. I'm not
>> taking a stance on whether it's sensible or whether OpenAFS should try
>> to accommodate any particular third party with its version numbering
>> scheme as you suggest :-)

> gzcat openafs-1.4.14-src.tar.gz|sed s/1.4.14/1.4.12.1/g |gzip -9 >
> openafs-1.4.12.1a-src.tar.gz

Regardless of how the version number changes, humans read and review the
diffs going into a Debian stable release and only minimal changes to fix
qualifying bugs are accepted.

There are backports of the newer Debian packages available from
backports.debian.org for those who want to move forward faster, and often
for OpenAFS (particularly for servers; clients tend to have fewer issues)
this is recommended.

I can't speak to Ubuntu directly, but my understanding is that they follow
basically similar policies and also have a backports archive.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>