| As someone who used Gentoo for over a decade, including in production environments - I disagree. Its a falsehood pushed by old 80's thinking. It sounds nice, in theory. In practice, what you often get are bugfix patches blindly applied to older codebases, oftentimes by people (distro maintainers) who are not very familiar with the codebase. As long as the patch applies, and it passes various tests. Remember, most OSS projects - including some critical ones - do not have large teams of devs able to maintain multiple codelines in tandem. Usually, the dev(s) just work on the latest, and pay only cursory attention to applying security bugfixes to older versions. After all, how is an OSS dev for proj X meant to know (or even give a damn for) which distro arbitrarily decided which older version is somehow the SECURE and BLESSED one. The dev in question probably moved on from that version months (and in regard to Debian, probably YEARS) ago. So in theory, what you said sounds right. In practice, no. |