by moe
5607 days ago
Well, this ignores the reality of how most Linux distributions are maintained. Version numbers are not supposed to change after the fact in a stable release, hence security fixes get backported (every distro has a security team for this). If PCI requires a less tested newer version over a battle-scarred (patched up) older one then PCI is working against its own stated goal. It doesn't take much wisdom to realize that it's less likely for new bugs to crop up in the 0.9.8 openssl that Debian ships than in the 1.0.0c that RHEL6 bundles (just one month after release!). New software has bugs. Old software has fewer bugs.