[CentOS-devel] CentOS-[56] Continuous Release

Tue Jun 21 16:35:45 UTC 2011
Karanbir Singh <mail-lists at karan.org>

On 06/21/2011 04:41 PM, Les Mikesell wrote:
> I'm pointing out that running for any length of time without fixing
> known vulnerabilities is very bad.  Even if it is a local root
> escalation - if you also have an exploit in a network app (like the
> bazillion in php and its apps, struts, etc.) the two can be combined to
> take over the machine and it is mostly a matter of time until it happens
> (and yes, this is from experience...).  And I thought last time around
> you said these packages would go through the normal qa process before
> even going into the optional CR repo, so I'll repeat the question as to
> why you think something is going to be wrong with them.  I can see
> wanting some reasonable number of machines to run them as a test, but
> still don't understand why anyone would want to continue to run with
> known problems instead of having them fixed.

I think you need to re-read the thread a bit; you are getting confused
about what we are doing and what Wolfy said was happening in Fedora.

- KB