9 Sep
2017
9 Sep
'17
11:56 a.m.
Martin Pauly wrote:
And missing lots of other fixes, documentation updates, etc.
IMO, there one good idea in the Debian approach: Treat security fixes sperately from any functional changes.
Note that upstream OpenSSL security fixes were also released quickly without any other changes. No need to do back-ports. The main problem is that Linux distributors fall behind way too far.
No matter what improvements a new version brings, you almost always want to have a stable, secure environment you can build your next enhancement on.
For whatever definition of "stable" and "secure"... IMO considering outdated distribution packages as being more "stable" or "secure" per se is plain wrong. Ciao, Michael.