This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Glibc stable release process (Glibc 2.26.1)
- From: Arjan van de Ven <arjan at linux dot intel dot com>
- To: siddhesh at sourceware dot org, "Andreas K. Huettel" <dilfridge at gentoo dot org>, libc-alpha at sourceware dot org
- Cc: Zack Weinberg <zackw at panix dot com>, "Yann E. MORIN" <yann dot morin dot 1998 at free dot fr>, Tulio Magno Quites Machado Filho <tuliom at linux dot vnet dot ibm dot com>, Romain Naour <romain dot naour at gmail dot com>, Joseph Myers <joseph at codesourcery dot com>, "Gabriel F. T. Gomes" <gabriel at inconstante dot eti dot br>, Paul Eggert <eggert at cs dot ucla dot edu>
- Date: Tue, 3 Oct 2017 04:28:54 -0700
- Subject: Re: Glibc stable release process (Glibc 2.26.1)
- Authentication-results: sourceware.org; auth=none
- References: <60f78cac-9cf4-51b1-9ade-21cd09783d96@gmail.com> <CAKCAbMj3ByTofE=WsKV-SXOCWyJYStRKvP3DA9ttiW2hUNZffA@mail.gmail.com> <5c98c67b-52a9-dcff-eda7-0f16b8ab478d@sourceware.org> <2839686.ckfu0BZrXq@porto> <1a7977d1-d5e5-f87c-40cb-5ad791f96a76@linux.intel.com> <f5b45af0-c622-c198-78ef-005ad6c463cd@sourceware.org>
On 10/2/2017 9:49 PM, Siddhesh Poyarekar wrote:
Agreed and most users don't even look at the packages, they look at
release notes.
actually users increasingly use automated scanners to check for CVE compliance, and in first order those
look at version numbers.
Sure for some of the bigger distros those scanners also know which minor package build
a CVE got fixed, so perhaps Fedora does not care ;-)