Now that we just had another mailing list question about running old
versions of CentOS, I see that my suggested FAQ addition wasn't
added. Did I make my suggestion in the wrong place? What should I do
next?
___
CentOS mailing list
CentOS@centos.org
http:
On Mon, Sep 29, 2014 at 8:36 AM, Lamar Owen wrote:
> I read the thread before replying, and didn't see anyone mention that, if
> one needs an open source stay-on-a-point-release setup, one should
> investigate Scientific Linux, which does do this. Yes, you can stay on 5.4
> and get only the secu
On 09/29/2014 04:15 AM, lheck...@users.sourceforge.net wrote:
William Woods writes:
5.4 ? really???. 5.4 ? you have a lot of other issues to worry about.
Repeating it three times doesn't make an arrogant statement more true.
There are corporate environments that cannot upgrade for vario
On 29 Sep 2014 07:47, "John R Pierce" wrote:
>
> On 9/28/2014 11:39 PM, James Hogarth wrote:
>>
>> https://access.redhat.com/security/cve/CVE-2014-7186
>>
>> Looks like we may find one more bash patch at least yet then.
>
>
> per https://rhn.redhat.com/errata/RHSA-2014-1306.htm the fix for 7187
a
William Woods writes:
> 5.4 ? really???. 5.4 ? you have a lot of other issues to worry about.
Repeating it three times doesn't make an arrogant statement more true.
There are corporate environments that cannot upgrade for various reasons.
Also, the history and performance of e.g autofs on RHE
On 09/29/2014 01:46 AM, John R Pierce wrote:
> On 9/28/2014 11:39 PM, James Hogarth wrote:
>> https://access.redhat.com/security/cve/CVE-2014-7186
>>
>> Looks like we may find one more bash patch at least yet then.
>
> per https://rhn.redhat.com/errata/RHSA-2014-1306.htm the fix for 7187
> and 71
On 9/28/2014 11:39 PM, James Hogarth wrote:
https://access.redhat.com/security/cve/CVE-2014-7186
Looks like we may find one more bash patch at least yet then.
per https://rhn.redhat.com/errata/RHSA-2014-1306.htm the fix for 7187
and 7186 is already included in the updated fix that was releas
On 29 Sep 2014 07:37, "James Hogarth" wrote:
>
>
> On 29 Sep 2014 05:37, "Frank Cox" wrote:
> >
> > Looks like the bash exploit tune may still be playing
> >
> >
http://www.itnews.com.au/News/396256,further-flaws-render-shellshock-patch-ineffective.aspx
> >
>
> Well 7169 is already patched, 7
On 29 Sep 2014 05:37, "Frank Cox" wrote:
>
> Looks like the bash exploit tune may still be playing
>
>
http://www.itnews.com.au/News/396256,further-flaws-render-shellshock-patch-ineffective.aspx
>
Well 7169 is already patched, 7186 isn't in the RH database so it would
appear they don't consid
Looks like the bash exploit tune may still be playing
http://www.itnews.com.au/News/396256,further-flaws-render-shellshock-patch-ineffective.aspx
--
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
___
CentOS mailing list
CentO
On Sun, Sep 28, 2014 at 6:13 PM, Vojin Urosevic wrote:
> On Sun, Sep 28, 2014 at 6:32 PM, Les Mikesell wrote:
>
>> On Sun, Sep 28, 2014 at 12:22 PM, Greg Lindahl wrote:
>> >>
>> > A third source is companies with homegrown code deployed on CentOS
>> > servers and poor-quality test suites. They t
On Sun, Sep 28, 2014 at 6:32 PM, Les Mikesell wrote:
> On Sun, Sep 28, 2014 at 12:22 PM, Greg Lindahl wrote:
> >>
> > A third source is companies with homegrown code deployed on CentOS
> > servers and poor-quality test suites. They tend to be in the "omg
> > never change anything unless forced a
On Sun, Sep 28, 2014 at 12:22 PM, Greg Lindahl wrote:
>>
> A third source is companies with homegrown code deployed on CentOS
> servers and poor-quality test suites. They tend to be in the "omg
> never change anything unless forced at gunpoint!" camp. It's an
> unfortunate situation, and it can co
> On Sep 28, 2014, at 11:22, Greg Lindahl wrote:
>
>
> Not sure that this goes in the FAQ, though!
No. If people have a good reason for doing it, they will generally know that
reason. If the don't know one, they probably have no real need for staying at
the earlier release.
___
On Sun, Sep 28, 2014 at 01:32:38PM +0200, Leon Fauster wrote:
> It would be great to get some feedback what such cases
> are, that let people stay on older releases?
Upstream can change the kernel module API quite violently in minor
releases, which means that hardware products that have associ
Am 28.09.2014 um 02:22 schrieb Greg Lindahl :
> On Sun, Sep 28, 2014 at 02:12:27AM +0200, Leon Fauster wrote:
>> Am 27.09.2014 um 23:53 schrieb Greg Lindahl :
>>> If you really need to run an old minor version, you should consider
>>> paying for the upstream Enterprise Linux. They keep all the old
On Sun, Sep 28, 2014 at 02:12:27AM +0200, Leon Fauster wrote:
> Am 27.09.2014 um 23:53 schrieb Greg Lindahl :
> > If you really need to run an old minor version, you should consider
> > paying for the upstream Enterprise Linux. They keep all the old minor
> > versions up-to-date with regard to secu
Am 27.09.2014 um 23:53 schrieb Greg Lindahl :
> If you really need to run an old minor version, you should consider
> paying for the upstream Enterprise Linux. They keep all the old minor
> versions up-to-date with regard to security fixes. CentOS does not.
https://access.redhat.com/support/policy
On 9/27/2014 2:53 PM, Greg Lindahl wrote:
A. No. CentOS only updates the most recent of each of the major
versions. For example, for CentOS 5, if the most recent minor version
is 5.10, then that is the only version that is receiving security
updates. CentOS 5.4 is frozen and never gets any updat
On Sat, Sep 27, 2014 at 08:28:48AM -0500, Johnny Hughes wrote:
> On 09/26/2014 06:23 PM, Greg Lindahl wrote:
>
> > Do we have a FAQ we can point people to that explains this? It's not
> > obvious, and we need to educate anyone who shows up here not knowing
> > the insecure nature of point releases
On Sat, Sep 27, 2014 at 11:10:54AM -0600, Frank Cox wrote:
> On Sat, 27 Sep 2014 08:28:48 -0500
> Johnny Hughes wrote:
>
> > How is this:
> >
> > http://bit.ly/1rAbtoT
>
> Two typos:
>
> Para 5: $relesever s/b $releasever
>
> Para 9: componet s/b component (3x)
>
> Outside of the typos, it lo
On Sat, 27 Sep 2014 08:28:48 -0500
Johnny Hughes wrote:
> How is this:
>
> http://bit.ly/1rAbtoT
Two typos:
Para 5: $relesever s/b $releasever
Para 9: componet s/b component (3x)
Outside of the typos, it looks great to me!
--
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatr
My mistake then, apologies.
On Sep 27, 2014, at 9:36 AM, Always Learning wrote:
>
> On Sat, 2014-09-27 at 09:31 -0500, William Woods wrote:
>
>> 5.4 ? really…. 5.4 ? you have a lot of other issues to worry about.
>
> Not me. I'm on 5.10 and 6.5.
>
> The lady who enquired was happily using C
On Sat, 2014-09-27 at 09:31 -0500, William Woods wrote:
> 5.4 ? really…. 5.4 ? you have a lot of other issues to worry about.
Not me. I'm on 5.10 and 6.5.
The lady who enquired was happily using C 5.4
--
Regards,
Paul.
England, EU.
___
CentOS mai
5.4 ? REally 5.4….
You have lots of other issues to be concerned with.
On Sep 27, 2014, at 8:28 AM, Johnny Hughes wrote:
> On 09/26/2014 06:23 PM, Greg Lindahl wrote:
>> On Sat, Sep 27, 2014 at 01:29:44AM +0300, Eero Volotinen wrote:
>>> 2014-09-27 0:42 GMT+03:00 Always Learning :
>>
> Sca
5.4 ? really…. 5.4 ? you have a lot of other issues to worry about.
On Sep 27, 2014, at 8:28 AM, Johnny Hughes wrote:
> On 09/26/2014 06:23 PM, Greg Lindahl wrote:
>> On Sat, Sep 27, 2014 at 01:29:44AM +0300, Eero Volotinen wrote:
>>> 2014-09-27 0:42 GMT+03:00 Always Learning :
>>
> Scary s
5.4 ? really…. 5.4 ? you have a lot of other issues to worry about.
On Sep 27, 2014, at 8:28 AM, Johnny Hughes wrote:
> On 09/26/2014 06:23 PM, Greg Lindahl wrote:
>> On Sat, Sep 27, 2014 at 01:29:44AM +0300, Eero Volotinen wrote:
>>> 2014-09-27 0:42 GMT+03:00 Always Learning :
>>
> Scary s
> >> 2014-09-27 0:42 GMT+03:00 Always Learning :
> >
> >>> Never mind the "scary screen" why are you deliberately using an insecure
> >>> and out-of-date 5.4 version of Centos ?
On 09/26/2014 06:23 PM, Greg Lindahl wrote:
> > Do we have a FAQ we can point people to that explains this? It's not
On 09/26/2014 06:23 PM, Greg Lindahl wrote:
> On Sat, Sep 27, 2014 at 01:29:44AM +0300, Eero Volotinen wrote:
>> 2014-09-27 0:42 GMT+03:00 Always Learning :
>
Scary screenie at: http://i.imgur.com/yR7sBjV.png
>>>
>>> Never mind the "scary screen" why are you deliberately using an insecure
>>>
On 09/27/2014 10:29 AM, Eero Volotinen wrote:
> uh. is this system even patched for heartbleed?
EL5 was never vulnerable to heartbleed to begin with, that said, your
point is still valid as to other vulnerabilities.
Peter
___
CentOS mailing list
CentOS
On Sat, Sep 27, 2014 at 01:29:44AM +0300, Eero Volotinen wrote:
> 2014-09-27 0:42 GMT+03:00 Always Learning :
> > > Scary screenie at: http://i.imgur.com/yR7sBjV.png
> >
> > Never mind the "scary screen" why are you deliberately using an insecure
> > and out-of-date 5.4 version of Centos ?
Do we
2014-09-27 0:42 GMT+03:00 Always Learning :
>
> On Fri, 2014-09-26 at 15:02 -0500, Jessica Blank wrote:
>
>
> > Scary screenie at: http://i.imgur.com/yR7sBjV.png
>
> Never mind the "scary screen" why are you deliberately using an insecure
> and out-of-date 5.4 version of Centos ?
>
> Common sense
On Fri, 2014-09-26 at 15:02 -0500, Jessica Blank wrote:
> Scary screenie at: http://i.imgur.com/yR7sBjV.png
Never mind the "scary screen" why are you deliberately using an insecure
and out-of-date 5.4 version of Centos ?
Common sense says that if you are genuinely interested in security then
y
On Fri, Sep 26, 2014 at 3:24 PM, wrote:
> Jessica Blank wrote:
>> Good afternoon!
>>
>> After applying the latest bash RPM listed at
>> http://lists.centos.org/pipermail/centos-announce/2014-September/020594.html
>> :
>> The fixed RPM (bash-3.2-33.el5_10.4.x86_64.rpm) DOES work just fine on
>> Ce
Jessica Blank wrote:
> Good afternoon!
>
> After applying the latest bash RPM listed at
> http://lists.centos.org/pipermail/centos-announce/2014-September/020594.html
> :
> The fixed RPM (bash-3.2-33.el5_10.4.x86_64.rpm) DOES work just fine on
> CentOS 5.10. However, it DOES NOT work on CentOS 5.4.
Never mind; false alarm. Apparently, we both had a previous 'echo' file
sitting around from before.
Best,
Jessica
On Fri, 26 Sep 2014, Jessica Blank wrote:
Good afternoon!
After applying the latest bash RPM listed at
http://lists.centos.org/pipermail/centos-announce/2014-September/020594.ht
Good afternoon!
After applying the latest bash RPM listed at
http://lists.centos.org/pipermail/centos-announce/2014-September/020594.html :
The fixed RPM (bash-3.2-33.el5_10.4.x86_64.rpm) DOES work just fine on
CentOS 5.10. However, it DOES NOT work on CentOS 5.4. That is, bash runs
fine, but
37 matches
Mail list logo
