On Fri, 14 Mar 2003 05:55:45 -0500 (EST), Mike A. Harris wrote:

> On 13 Mar 2003, Philip Wyett wrote:
> 
> >No, the version in AS is 1.1.3 and until someone updates the rpm to say
> >it's 1.1.4, it is 1.1.3. So they maybe back ported the fix, but there is
> >no direct info related to AS that says it has the fix and it is not an
> >AS users job to go search other RH versions errata or checking the 1.1.3
> >source rpm or rpm --changelog and seeing if the issue has been
> >addressed.
> 
> The 1.1.3 RPM will not be updated to say it is 1.1.4 because it 
> is not 1.1.4.  Red Hat RPM packages, in addition to containing 
> the version of the software that is indicated, contain various 
> bug fixes, security fixes, enhancements and other patches that 
> are a part of the OS engineering process.

Unfortunately, this versioning scheme and lack of knowledge of Red
Hat's back-porting efforts are the source of a common misconception
among fussy admins as well as home users. 

Although I'm familiar with the methods, I would not mind if *every*
security advisory from Red Hat pointed out when an erratum contains
a back-ported fix and therefore remains at a lower version number
than suggested by the software vendor.

Because vendors' security advisories find their way onto the news
web sites. And people read such security news more carefully than
Red Hat's advisories. IMO it is not uncommon that when they read
they are recommended to upgrade to the latest version of software
XYZ, they get the tarball. Or someone with a lack of insight examines
the company's web server with e.g. "wget --server" and complains
that an "old" version of Apache, which contains vulnerabilities,
is running. It's the source of unfortunate misunderstandings. Even
adding a timestamp to a version might help.




-- 
Phoebe-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/phoebe-list
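
Added example (not part of the original message, and not Red Hat tooling): a sketch of why a version-only check misjudges a package carrying a back-ported fix, and how the package changelog settles it. The changelog text, release numbers and the `CVE-0000-0001` identifier are constructed placeholders, and the function names are hypothetical; the changelog layout assumed is the usual `rpm -q --changelog` style with the version-release as the last token of each `* ` header line.

```python
# Constructed sample in the style of `rpm -q --changelog` output (newest first).
# The package stays at upstream version 1.1.3 while carrying a back-ported fix.
SAMPLE_CHANGELOG = """\
* Fri Mar 14 2003 Example Packager <packager@example.com> 1.1.3-9
- fix regression in the CVE-0000-0001 patch

* Wed Mar 12 2003 Example Packager <packager@example.com> 1.1.3-8
- back-port security fix for CVE-0000-0001 from upstream 1.1.4

* Mon Jan 06 2003 Example Packager <packager@example.com> 1.1.3-7
- rebuild
"""


def version_tuple(version):
    """Turn '1.1.3' into (1, 1, 3) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def naive_banner_check(installed_version, upstream_fixed_version):
    """Version-only view: anything below the upstream fixed version is 'vulnerable'."""
    return version_tuple(installed_version) < version_tuple(upstream_fixed_version)


def backported_in(changelog, fix_id):
    """Return the oldest version-release whose changelog entry names fix_id, or None."""
    current = None
    found = None
    for line in changelog.splitlines():
        if line.startswith("* "):
            current = line.split()[-1]  # assumed: last token is version-release
        elif current and fix_id.lower() in line.lower():
            found = current  # entries are newest-first, so the last hit is the oldest
    return found


def assess(installed_version, upstream_fixed_version, changelog, fix_id):
    """Combine both views; 'unverified' means the vendor erratum must be consulted."""
    if not naive_banner_check(installed_version, upstream_fixed_version):
        return "fixed-upstream-version"
    release = backported_in(changelog, fix_id)
    return f"fixed-by-backport:{release}" if release else "unverified"


if __name__ == "__main__":
    print(assess("1.1.3", "1.1.4", SAMPLE_CHANGELOG, "CVE-0000-0001"))
```
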
