[OpenAFS-devel] Re: CVE-2011-0430 and CVE-2011-0431

Derrick Brashear shadow@gmail.com
Tue, 8 Mar 2011 12:52:10 -0500


On Tue, Mar 8, 2011 at 12:49 PM, Russ Allbery <rra@stanford.edu> wrote:
> Derrick Brashear <shadow@gmail.com> writes:
>> Atro Tossavainen <atro.tossavainen+openafs@helsinki.fi> wrote:
>
>>> I wouldn't even want to try going there :)
>
>>> I was just trying to explain what I thought was the reason. I'm not
>>> taking a stance on whether it's sensible or whether OpenAFS should try
>>> to accommodate any particular third party with its version numbering
>>> scheme as you suggest :-)
>
>> gzcat openafs-1.4.14-src.tar.gz|sed s/1.4.14/1.4.12.1/g |gzip -9 >
>> openafs-1.4.12.1a-src.tar.gz
>
> Regardless of how the version number changes, humans read and review the
> diffs going into a Debian stable release and only minimal changes to fix
> qualifying bugs are accepted.

Basically, if the fix is invasive, you have to live with the bug.
Which is why I continually mock their idea of what stable is.

I like my machines to stay up.



-- 
Derrick