Message-ID: <87r7rh59r8.fsf@deneb.enyo.de>
From: fw at deneb.enyo.de (Florian Weimer)
Subject: Is Mozilla's "patch" enough?
* Aviv Raff:
> On Mon, 12 Jul 2004 20:34:44 +0200, Florian Weimer <fw@...eb.enyo.de> wrote:
>> * Aviv Raff:
>>
>> > Security patches shouldn't be overridden unless intended to (i.e.
>> > uninstalled).
>>
>> This is not standard industry practice. Especially if a patch might
>> break previously working configuration, I completely agree that it's
>> correct.
>
> That's why there should be a way to uninstall the patch, as I wrote.

This requires that you have individual patches for each vulnerability,
something that is often practically impossible (because of
combinatoric explosion) and is a support nightmare if it is possible.
Those vendors supplying source code are far better off in this area.
You simply pick the parts you like and recompile your own version.