undefined | Better HN

0 points_yy10y ago0 comments

That's why Debian Stable and RHEL exist. Security patches don't break the API.

0 comments

I am willing to believe that they come closer to the ideal than others, but nobody is perfect, and I'd rather discover incompatibilities myself, when I'm getting a new version of my app ready, before shipping, instead of trying to understand why random users are incoherently reporting impossible app failures.

falcolas10y ago

> Security patches don't break the API.

shouldn't

When the patched library is not part of Debian Stable or RHEL's repositories (for example, if you require features from a release less than a year old) all bets of API stability are off.

OpenSSL and libc are not the only libraries which are patched for security that people use.

jvoorhis10y ago

And heaven help you if RedHat decides not to backport a critical bugfix. OpenSSL on CentOS 6 has 99 patch files, a script named "hobble-openssl" and non-trivial changes to the build system that affect linkage, making DIY backports less than trivial.

j / k navigate · click thread line to collapse