Rahul Sundaram wrote:
Les Mikesell wrote:
Personally, I think the correct approach is to replace such things with a rebuilt RHEL version where the fix will actually have some QA before dropping into users' laps, but...
Fedora is most cases, is way ahead in versions and that strategy won't work much. You could borrow a few fixes like Fedora Legacy used to but that is a small number.
It would only work in the versions where the code cycle continued into RHEL and would take some coordination even there, with the tradeoff that no duplicate work would ever need to be done on the development side and there would be no incompatible version jumps to cause trouble on the user side.
But, how many things have big security risks anyway? In most cases the ones to worry about are just the kernel, network daemons, and suid programs - mostly things with standardized interfaces so backing up a version or two shouldn't break anything.