[CentOS-devel] CentOS-[56] Continous Release

Tue Jun 21 22:48:38 UTC 2011
Les Mikesell <lesmikesell at gmail.com>

On 6/21/2011 5:36 PM, Karanbir Singh wrote:
> On 06/21/2011 09:26 PM, Les Mikesell wrote:
>> So, again, under what circumstances does anyone think it is a good idea
>> to not opt into this repo and instead keep running code that will very
>> likely have published exploits over a time span that we've seen can run
>> for months?
> Sounds like a good question to bring up at your next user group meeting.
>   From the CentOS perspective, its important we give people the
> opportunity to get these packages as soon as possible so they can make
> their choice.
> I dont particularly care about their religious choice or their internal
> implementation policies, and this list isn't the place to bash them around.

Let's say we disagree about choosing to continue to run software with 
known/published exploits.  I think you need very, very, good reasons to 
make that choice, which is why I think the choice should be opt-out, not 
in.  It may be a matter of faith one way or another, but I think there 
is a lot more reason to risk installing the fixes than to leave it as a 
matter of time until someone takes over your machines for DDOS attacks 
against others or worse.

   Les Mikesell
    lesmikesell at gmail.com