[OT Security PSA] Shellshock: Update your bash, now!

eles via Digitalmars-d-announce digitalmars-d-announce at puremagic.com
Fri Oct 3 21:27:20 PDT 2014


On Friday, 3 October 2014 at 11:51:08 UTC, Dicebot wrote:
> On Friday, 3 October 2014 at 11:31:07 UTC, eles wrote:
>> The former attempt stability (because all packages are tested 
>> together, along with their interactions), while the latter 
>> attempt cutting-edge software (you update software as it gets 
>> produced).
>
> This is generally true but not entirely true. Rolling release 
> model also implies testing of package inter-operation but any 
> guarantees only apply to versions that match a specific 
> repository snapshot - most problems arise from trying to update 
> some of the packages but not all. At least this is the case for 
> Arch.

Yes, kinda true, however there is a compromise between the 
dailyness of the updates and the depth of tests.

Release-style distributions have one more difference: they 
guarantee support for the provided software during the lifetime 
of the distribution. They might not provide new versions, but 
will provide security patches.

Even if a software is abandoned by its own author one day after 
the release gets out, at least in theory, the release team will 
continue to provide patches to ensure that the software maintains 
the interoperability and the security level with the rest of the 
distribution.

That alone is quite an effort, but it matters for enterprise 
customers.

Rolling distributions are more like: "well, that software is not 
developed anymore, either you maintain it yourself, or you 
stick with the old version at your own risk."

