On Tue, May 02, 2006 at 04:10:27PM +0100, David Litchfield wrote:
> That's what good regular patches allow me to do. The benefits
> are absolutely clear. There are two major problems that can
> cause these benefits to evaporate into thin air, however.
> 1) Late Patches
> 2) Re-issued Patches
3) Artificially late patches -- those which could be made
available ahead of usual schedule to reduce vulnerability window.
I guess regular approach is OK for low-to-moderate but guarantees
enough additional headache for critical updates. After all, it's
only vendor-found ones that can wait, and that's not exactly
"responsible" too since nobody can tell for sure the particular
problem isn't already known out there.
---- WBR, Michael Shigorin