akerl_ 7 hours ago

You get a lower risk of them pulling in a bleeding edge vulnerability, but a higher risk that you'll get stuck with an old bug waiting for the maintainer to pull in a patch. Then there's the risk that in their attempt to cherry pick, they don't actually mitigate the issue (or introduce more issues based on how they diverge from upstream). There's no silver bullets here.
armada651 4 hours ago

> There's no silver bullets here.

Because it's a trade-off, just like stability is. They're both software bugs in the end, so mitigating them has similar pros and cons.
skydhash 5 hours ago

> but a higher risk that you'll get stuck with an old bug waiting for the maintainer to pull in a patch. Then there's the risk that in their attempt to cherry pick, they don't actually mitigate the issue

Which is why the whole process is open sourced and you can easily get the source version of a package, edit it and rebuild it.