
akerl_ today at 3:29 AM

You get a lower risk of them pulling in a bleeding edge vulnerability, but a higher risk that you'll get stuck with an old bug waiting for the maintainer to pull in a patch. Then there's the risk that in their attempt to cherry pick, they don't actually mitigate the issue (or introduce more issues based on how they diverge from upstream).

There's no silver bullets here.

Replies

armada651 today at 6:09 AM

> There's no silver bullets here.

Because it's a trade-off, just like stability is; they're both software bugs in the end, so mitigating them has similar pros and cons.

skydhash today at 5:29 AM

> but a higher risk that you'll get stuck with an old bug waiting for the maintainer to pull in a patch. Then there's the risk that in their attempt to cherry pick, they don't actually mitigate the issue

Which is why the whole process is open sourced and you can easily get the source version of a package, edit it and rebuild it.