On 06/21/2011 04:41 PM, Les Mikesell wrote: > I'm pointing out that running for any length of time without fixing > known vulnerabilities is a very bad. Even if it is a local root > escalation - if you also have an exploit in a network app (like the > bazillion in php and its apps, struts, etc.) the two can be combined to > take over the machine and it is mostly a matter of time until it happens > (and yes, this is from experience...). And I thought last time around > you said these packages would go through the normal qa process before > even going into the option CR repo, so I'll repeat the question as to > why you think something is going to be wrong with them. I can see > wanting some reasonable number of machines to run them as a test, but > still don't understand why anyone would want to continue to run with > known problems instead of having them fixed. > I think you need to re-read the thread a bit, you are getting confused about what we are doing and what Wolfy said was happening in Fedora. - KB