So does it mean that linux is rolling out updates but these updates do not consider security? Just curious about this thing, I just started using linux and this topic is interesting for me
It means that there are bug fixesall the time, but most of the time no one sorts these into "security" and "non-security" categories.
I remember a message (I can't find it back right now) where this is explained. Basically the thinking is that a lot of bugs can be used to break security, but sometimes it takes a lot of effort to figure out how to exploit a bug.
So you have some choices:
* Research every bug to find out the security implications, which is additional work on top of fixing the bug.
* Mark only the bugs that have known security implications as security fixes, basically guaranteeing that you will miss some that you haven't researched.
* Consider all bugs as potentially having security implications. This is basically what they do now.
I remember a message (I can't find it back right now) where this is explained. Basically the thinking is that a lot of bugs can be used to break security, but sometimes it takes a lot of effort to figure out how to exploit a bug.
So you have some choices:
* Research every bug to find out the security implications, which is additional work on top of fixing the bug.
* Mark only the bugs that have known security implications as security fixes, basically guaranteeing that you will miss some that you haven't researched.
* Consider all bugs as potentially having security implications. This is basically what they do now.