[TriLUG] RH Updates

Tom 'spot' Callaway tcallawa at redhat.com
Fri Nov 8 10:37:24 EST 2002


On Thu, 2002-11-07 at 20:09, Tanner Lovelace wrote:
> On Thu, 2002-11-07 at 09:38, Jon Carnes wrote:
> > In general the RPM fix for a vulnerability will follow
> > within 8 hours of the fix being available via source.
> > 
> > The slowest I've seen an rpm fix come out in rpm is 2 days after the
> > Source was fixed.  Of course that can seem like an eternity!
> 
> Well, Jon,
> 
> Take a look at this URL:
> 
> http://lwn.net/Vulnerabilities/14029/
> 
> Not only did it not come out within a few days, it took almost
> two weeks for Red Hat to come out with a fix.  Five other distributions
> had fixes out before Red Hat did.
> 
> Now, perhaps Red Hat's system isn't affected by this, but even so,
> with so many other vendors fixing it, I believe they should
> have at least said something about it.

Note that this was for kadmind v4, which had no init script, and would
have to be manually run and implemented by the sysadmin... hence, it was
extremely low priority. I think Red Hat still should have made a formal
statement to that end, however, since I was sending that out to
customers in the interim.

Yup, that's me, advisor for Red Hat security issues, big and small. :)

~spot
---
Tom "spot" Callaway <tcallawa(a)redhat*com> Red Hat Sales Engineer
Sair Linux and GNU Certified Administrator (LCA)
Red Hat Certified Engineer (RHCE)
GPG: D786 8B22 D9DB 1F8B 4AB7  448E 3C5E 99AD 9305 4260

The words and opinions reflected in this message do not necessarily
reflect those of my employer, Red Hat, and belong solely to me.

"Immature poets borrow, mature poets steal." --- T. S. Eliot



