help-gnu-emacs

Re: CVE-2017-14482 - Red Hat Customer Portal


From: Maxim Cournoyer
Subject: Re: CVE-2017-14482 - Red Hat Customer Portal
Date: Sun, 24 Sep 2017 13:17:41 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)

Emanuel Berg <moasen@zoho.com> writes:

> Bob Proulx wrote:
>
>> That's great! Using distributions with
>> security teams much simplifies things for the
>> end user. Otherwise every user would need to
>> closely follow each and every one of the
>> zillion software projects installed on their
>> system. Software packaging makes
>> this simpler.
>
> Yes, except for some cases, because it requires
> that enough people use it so that the stuff is
> kept up to date.
>
> For example, there should be many lispers
> reading this. SBCL, ECL, CCL, what have you.
> Take a look at the software in your repos.
> Compare it to the versions you'd find on the
> web. People aren't cool enough in general for
> the really cool people to find what they want.
>
> Why it has to be like this I have no idea.
> Why can't you get the latest stuff the
> same way?
>
> And it is not about getting the bleeding edge
> just for the sake of it. Some stuff is really,
> really outdated and there is no way around it
> except bypassing the package
> manager altogether.

Have you heard about GNU Guix/GuixSD[1]? While not all the packages are
always at the latest version, the maintainers strive to keep the CVEs patched
and it is otherwise straightforward to update a package definition and
use it locally (no need to be root!), or better, contribute the
patch back.

In fact, I see some people starting to use Guix atop traditional distros
to get bleeding edge packages.

Maxim

[1]  https://www.gnu.org/software/guix/


