Wikipedia gives your average lightning bolt a current of 30kA and voltage of 100MV, over just few milliseconds, which equals to staggering 3 000 000 000 000 Watts (three thousand gigawatts), others quote 10 billion joules which over same 2ms period would be slightly more (5E12 W) so looks like Flux Capacitor was quite badly overdosed.
Even if you had perfect efficiency, I don't think there are 10 constant lightning bolts in the entire country. (Say 1 second for a lightning bolt, and 5 minutes to launch... 3,000 lightning strikes. Not even sure that much hits the whole country in a year.)
Slight underestimation :)
How Many Flashes Are There?
Over the continental 48 states, an average of 20 million cloud-to-ground flashes have been detected every year since the lightning detection network covered all of the continental United States in 1989.
2-3 core releases per year was stated goal right from the beginning, and will continue to be so no matter how many nonames whine about it at /.
If that's too fast for you, then it is, use another distro. There's something for everyone from Debian stable moving at the same pace with ice ages to Gentoo.
From RH, not very long.
Updates will be available for two to three months after the release of the subsequent version; that is, updates for Fedora Core 1 will be provided for two to three months after the release of Fedora Core 2, and so forth.
After that, Fedora Legacy is supposed to provide updates for two additional core releases. So FC1 would be obsoleted when FC4 comes out, so total lifetime would be about 1½ years. Not nearly as long as Debian stable, but not nearly as bad as 6 months either, and after all the nature of FC is to be relatively fast moving, and was from the very beginning. If you're expecting static, you are running wrong distro, if you want slower pace, you can always move to Debian.
Effectively it's not the browser that's broken, but their implementation
Word mangling, meaningless.
Effectively if the browser only has one implementation, then the browser IS the implementation.
And if that implementation is broken, then the browser is broken, until they come up with working implementation.
Ah, sorry.
Though to be fair individual IE fixes hardly are 20Mb downloads either, usually on the order of few hundred kilobytes
I guess you could argue that service packs are large downloads but they patch much more than just IE...
Could someone explain why Linux and its utilities have so many critical security notices posted against it?
Because there are quite a few utilities and every piece of software has, as you notice, some mistakes.
The grandparent's point was how incredibly ridiculous amount of critical flaws there are in one application, it's over 50 now for IE6, and IE5 and IE5.5 have similar amounts, though quite a few overlap that will probably make over one hundred security vulnerabilities in one application, don't you think that's taking "people make mistakes, but that's okay" argument bit too far? I challenge you to find any one specific piece in those many linux utilities that has anywhere NEAR the amount of problems IE has.
You will find in another child post related to the grandparent where I had attempted to do the same trick with a .pdf. Why didn't OLE merge IE functionality and display the .pdf rather than attempt to search for it?
Usually, it does show acrobat in (i)explorer window (though without toolbar and menu merging)
And not nearly all apps support it.
If you are forced to turn on scripting, you lose the only reason left one could possibly have for running IE, MS-specific dhtml and activex sites.
Sorry but "it may be semi-secure if you turn off everything except html 1.0" is not very good by any stretch, since it's also non-usable at that point.
Any number on that trainplane comparison?
Sounds kind of hard to swallow, especially if you count electric (and if you don't, it's meaningless, all relevant high speed trains are electric), even though aircraft have the obvious advantage of having lower drag by flying high enough to have thin air.
Invariant? At the very least, you'll want to update packages when security issues are raised (frequent enough to warrant updates aplenty within 6 months)
Generally, no, you don't want new version of a package when security issues are raised.
You want the fix backported to old version so that fixing the security bug causes least possible disturbance.
K-meleon, Moz based browser I use (and have for 3 years both at home and here at work on winders) was fixed by the users with a simple User_Pref
Which is exactly how it's actually fixed on normal Mozilla and Firefox as well. What's your point? That there absolutely shouldn't be a fix easy enough for non-techies to use just because it can be done by futzing around the hidden config system?
Who needs a 20Mb download, huh?
The people who couldn't possibly understand even about:config, or well, not really, they could always just install the 512 byte shellblock.xpi
Partially yes, Slashdot html is crap.
Not totally, though, Mozilla did have a bug related to this, it's been fixed now but is not yet included in latest releases.
As noted, it's been fixed. Immediately. Because there already was a framework for potentially dangerous protocol handlers, it was easy to deal with.
IE on the other hand still has exactly same vulnerability, and will only get help with XP SP2 (I guess that means IE on w2k will continue to be vulnerable). That's the difference, all software has bugs, everyone who claims otherwise is a liar or fool, but so far all the security mishaps in open source software get fixed fast, instead of in months, or years.
No more than having yum and apt-rpm on the same system.
Doesn't matter how many zillion frontends you have configured if the repositories they use are not incompatible with each other.
I think you vastly underestimate age of RPM and overestimate age of Deb.
There was no "superior" debian package format from the beginning, they are of almost same age. RPM's precursor RPP and dpkg's predecessor were introduced in 1994 and both RPM and modern dpkg (though the package format DID go through another change) in 1995.
If RH had started in, say 1996, maybe they would have "adopted Debian's packaging tools, assuming they were good enough at that point", but alas, they started the development of package managers at the same time and so that could not happen.
Sure it is. Unless you managed to notice, this was about GUI.
up2date can only install new packages from command line.
At least slow dependency resolution, possibly rsync too, is solved by apt-rpm, so what's difference between it and urpmi?
But it also creates jobs in (slightly) different areas that equal the balance.
Why should it matter whether you're working for Microsoft producing proprietary software, or for IBM producing Open Source, or for company <foo> customizing Open Source to fit their needs?
If this product had been there in the beginning, developing of DeCSS might have been illegal, but since it was not, the point is moot.
It was perfectly legal to reverse-engineer DeCSS for compatibility purposes, all charges against "dvd-jon" have been lifted. It doesn't become any less legal retroactively just because someone finally bothers to release an alternative n years later.
Using DeCSS may be illegal in US, and some other countries, but that's only because DMCA is insane, and prohibits owner of DVD from taking use of his fair use rights, and doesn't have anything at all to do with DeCSS itself.
But it's of course a bad thing as well because this might be the beginning of a trend of having commercial software being stuffed down our throats with each distro.
You talk like this is a first time distro comes bundled with commercial software. Crawl out of the barrel, lots of shrinkwrapped distros have always contained some commercial software, but it's not "stuffed down our throats" and is just stripped out of the free ISOs.
The overlap had been fixed so more than likely you're using 0.9 or a pre-0.9 nightly
The /. overlap has been fixed but it caused a regression and was backed out from 0.9 branch, so no, the fix is NOT included in 0.9 or 0.91 (only difference in 0.92 is the shell: security issue)
You have been watching too many movies. It's a probe, not an orbital weapons platform, or a huge ass bomb (I'm sure you can still "point it at Earth", but that won't accomplish anything any other lump of metal on orbit won't), and only thing expensive in that "system" is the effort of getting it up to space. It probably doesn't have anything to do with any weapons maker whatsoever, space industry in Europe is not nearly as tied to military as it is in USA.
Dinosaur killing impacts by asteroids tens of kilometers in diameter are indeed exceedingly unlikely to happen during lifetime of any of us, but can not be discounted because of the amazing global damage potential they have, nor are they the only ones that are cause for concern, nor could we probably do anything about one, no, the smaller ones are what we should be on look for, as the size goes down the probability of impact goes up, nation destroying events happen somewhere in range of around every 100000 to million years, which is still so rare it's not too realistic to watch out for.
However, Tunguska level impacts happen every five years or so, and blasts in low kiloton range (think Hiroshima) about once a year. Most of these obviously happen over sea or uninhabited land, and even go unnoticed, but it's just a matter of time (and now we're not speaking about millions of years) until one hits a major city wiping out millions of people, or gets mistaken for a nuke on unstable area and starts (possible nuclear) war.
Only way you could destroy a missile with that thing is to drop it on top of the missile - while it's on launch pad.
No. It's OBVIOUSLY not a missile defense system, in any meaning of the word.
Disintegrate? Where the hell did you get THAT idea from? "Course collection" is what this thing IS doing, it's not Bruce Willis with nuclear bomb.
You don't have much of a chance disintegrating 500m asteroid by hitting it with a probe weighing few hundred kilos unless you're doing the ramming at relativistic speeds.
AFAIK, Bugzilla was Slashdotted once before (looks like they tried again yesterday with shell: story), and since it's a very heavy database site, it was unusable for several days, at which point someone decided to feed those pesky slashdotters just a lightweight static page so folks that actually need it could get back to using it.