
List:       oss-security
Subject:    [oss-security] Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz
From:       Ian Zimmerman <itz@very.loosely.org>
Date:       2019-06-21 15:08:36
Message-ID: 20190621150836.ieiciui3n6vrd5wb@matica.foolinux.mooo.com

On 2019-06-21 10:57, Simon McVittie wrote:

> If upstream projects have a stable branch that is genuinely stable
> and bugfix-only to minimize the risk of regressions, and encourage
> downstream distributions to align on the latest stable branch during
> their development phase, then I think that goes a long way towards this.
> If I understand correctly, PostgreSQL is one of the canonical examples of
> a project that does this, and gets its upstream point releases included
> in stability-focused projects like Debian as-is.

Doesn't this simply shift the work of backporting ("crazy and bound to
always fail in the end") from the distro maintainer to the upstream
stable branch maintainer?  He/she is more like "midstream" working in
that role.

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.