~mpldr/website

94a12822c99392eb7a20334bd370d0f78e01647e — Moritz Poldrack a month ago 8f99074
expand the stable distro post by a missed point
1 files changed, 6 insertions(+), 3 deletions(-)

M content/blog/stable-genius.md
M content/blog/stable-genius.md => content/blog/stable-genius.md +6 -3
@@ 123,9 123,12 @@ They have thwarted countless attacks on systems that should've been updated to
a supported version ages ago.

Despite these impressive efforts, two things must not be underestimated: the
potential for new bugs. No matter how good the developers doing the backporting
are, it is impossible to say if some of the backports themselves contain bugs,
potentially security relevant ones.
potential for new bugs and CVE-less security fixes. No matter how good the
developers doing the backporting are, it is impossible to say if some of the
backports themselves contain bugs, potentially security relevant ones.
Additionally, not every security related bug is assigned a CVE. Probably nor
even close. Those will not pop up on the backporter's radar and will remain
unfixed.

## How to do it better?