Comment by tamirzb
4 days ago
> Know this - your kernel is not patched unless you run the absolute latest version.
This is correct for a lot of different software, probably most of it. Why is this a point that needs to be made?
(Parent has already replied by editing their original comment, but I'll tack on a bit more info, from my perspective.)
The reason this has to be emphasized is that all new code runs the risk of regressions, and in a production environment, you hate regressions. Therefore, not only do you not want new features, but you also don't want irrelevant bug fixes. Bug fixes, even security fixes, are not magically free of independent regressions. Therefore a valid incentive exists to minimize backports to production environments. And such a balancing act depends on the careful investigation of the impact of known bugs, one by one.
From the fine blog post:
> For those that are always worried “what if a bugfix causes problems”, they should remember that a fix for a known bug is better than the potential of a fix causing a future problem as future problems, when found, will be fixed then.
A whole lot of users can disagree with this. For good, practical reasons. The expected damage of a known bug may be estimated, while an unknown regression brought in by the fix for the known bug may cause way worse damage.