I'm a little disturbed by something I'm seeing with the way that RH
manages RPM security updates. It's almost Microsoftian the way they are
tending to take weeks or months to address critical security holes.
For example, the recent Apache <1.3.27 shared memory exploit, originally
announced Aug 8 2002:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0839
that RedHat just released updates for today:
http://www.linuxsecurity.com/advisories/redhat_advisory-2659.html
Fully 4 months after the original patch from Apache! I can accept a
certain amount of lead time for QA testing and such, but this is not an
isolated incident, and I for one am not amenable to running an insecure
webserver for 120+ days!
Because of this, I find myself using less and less RPM and more and more
source tarball compiles, because I do not feel that RedHat is addressing
security concerns in a timely manner.
Am I alone in this feeling? Is RedHat doing anything to speed up that
process?
--
Matthew Boeckman (816) 777-2160
Manager - Systems Integration Saepio Technologies