[Montreal-pm] Interesting article on a controversy surrounding the perl 5.16 release
James E Keenan
jkeen at verizon.net
Fri 2 Mar 15:24:39 PST 2012
On 3/2/12 11:54 AM, Olivier Bilodeau wrote:
> http://lwn.net/SubscriberLink/484297/904463418f8ab3aa/
>
> My own 2 cents:
>
> If the security bug is already present in released perl versions (5.12,
> 5.14, etc.) then it shouldn't block the 5.16 release but it should be
> fixed as soon as possible and backported appropriately.

... which, of course, is exactly what the Perl 5 Porters do in such
cases. We will backport security fixes to *supported* versions of Perl.
Once 5.16 is released, 5.14 and 5.16 will be the supported versions.
(That doesn't preclude someone other than p5p backporting security fixes
to older versions of Perl.)

On the one hand, I congratulate the author of that article for having
the patience to wade through a very long discussion on
perl.perl5.porters. On the other hand, he's a tad alarmist when he
suggests that publicly referring to the existence of security bugs in a
software application increases the insecurity of that application
because it attracts more attention from crackers. If that were the
case, then any and all public discussion of any security problems in any
software applications ought to be banned.

Thank you very much.
Jim Keenan