[aerogear-dev] security updates
Bruno Oliveira
bruno at abstractj.org
Fri Mar 14 04:25:26 EDT 2014
I think we need to discuss in a meeting. I also would like to hear from Gorkem the implications on it. Other than that, we can’t wait 12 months to apply security updates.
--
abstractj
On March 11, 2014 at 2:12:15 PM, Burr Sutter (bsutter at redhat.com) wrote:
> > We are going to have to support a range of Cordova versions for
> the following reasons:
> 1) Sync'ing with JBDS
> 2) Sync'ing with what is supported at any given moment - where
> the supported version may only update 2 times a year
> 3) Addressing the fact that customers are slow to upgrade unless
> there is a very real problem exposed in their specific application
> - for example, if they don't use a particular Cordova plugin then
> they might ignore a particular vulnerability that is tied to
> a specific plugin. Another example, if their apps are only used
> on 25 corporate executives phones, then they might determine
> the vulnerability is less important (small, fixed audience).
>
> We will need to pick a specific time window for all parties to "catch
> up" like 12 months.
More information about the aerogear-dev
mailing list