Re: RedHat, RPMS, and updates

2002-12-18 Thread Bill Carlson
On 13 Dec 2002, Ben Russo wrote:
> The source packages have the change logs and notes in them,
> and I could swear I remember reading an RPM command option somewhere
> that would give that info too???

rpm -q --changelog | less
rpm -qp --changelog | less

Redhat has a history of making very goo

Re: RedHat, RPMS, and updates

2002-12-16 Thread Kent Borg
On Sat, Dec 14, 2002 at 12:17:03PM -0600, David van Hoose wrote: > I got the point loud and clear, and my response to it is that RedHat > is being unnecessarily paranoid. But the very point is that being paranoid is key here. What you want is something different from these updates. These updates

Re: RedHat, RPMS, and updates

2002-12-14 Thread Mike Burger
Actually, what Red Hat does is compile and evaluate each new release, until they're satisfied that it isn't broken, and then they package that release for general consumption. If you want bleeding edge stuff, David, feel free to download it and make use of it. In the meantime, I applaud Red Ha

Re: RedHat, RPMS, and updates

2002-12-14 Thread Bret Hughes
On Sat, 2002-12-14 at 12:17, David van Hoose wrote: > I got the point loud and clear, and my response to it is that RedHat is > being unnecessarily paranoid. They need to accept that not every release > in existence is going to break everything. If something does, they'll > notice it in VERY sho

Re: RedHat, RPMS, and updates

2002-12-14 Thread David van Hoose
I got the point loud and clear, and my response to it is that RedHat is being unnecessarily paranoid. They need to accept that not every release in existence is going to break everything. If something does, they'll notice it in VERY short time and have it patched quickly at the source. For majo

Re: RedHat, RPMS, and updates

2002-12-14 Thread David van Hoose
I think you didn't read those changelogs as they mention EVERY change to the system. Yes there are library changes, but no they cannot break your program unless your program relies on a bug or a security hole. It is safe to upgrade (in most every case) programs with only the 3rd number of the

Re: RedHat, RPMS, and updates

2002-12-14 Thread Bret Hughes
On Sat, 2002-12-14 at 04:01, David van Hoose wrote: > Here are the changelog addresses for KDE 3.0.4 and KDE 3.0.5. Read them > and tell me what could possibly "break" any 3.0.3 program on your > system? I want a list. Take as much time as you need. > > http://www.kde.org/announcements/changelog

Re: RedHat, RPMS, and updates

2002-12-14 Thread Michael A. Peters
On Sat, 2002-12-14 at 02:01, David van Hoose wrote: > Here are the changelog addresses for KDE 3.0.4 and KDE 3.0.5. Read them > and tell me what could possibly "break" any 3.0.3 program on your > system? I want a list. Take as much time as you need. > > http://www.kde.org/announcements/changelog

Re: RedHat, RPMS, and updates

2002-12-14 Thread David van Hoose
Here are the changelog addresses for KDE 3.0.4 and KDE 3.0.5. Read them and tell me what could possibly "break" any 3.0.3 program on your system? I want a list. Take as much time as you need. http://www.kde.org/announcements/changelogs/changelog3_0_3to3_0_4.html http://www.kde.org/announcements/

Re: RedHat, RPMS, and updates

2002-12-13 Thread mklinke
On Saturday 14 December 2002 03:43, Ben Russo wrote: > On Fri, 2002-12-13 at 16:11, [EMAIL PROTECTED] wrote: > > The latest 7.3 openssh package is 3.1p1-6 > make sure the redhat mirror you are using has the latest. > The 3.1p1-x, the 'X' part is the epoch number which according to redhat > outweig

Re: RedHat, RPMS, and updates

2002-12-13 Thread Michael A. Peters
As a future hardware OEM that will be pre-installing Linux I can say that this feature of Red Hat is EXACTLY why I really think we will OEM Red Hat with our systems. Applying the patches to the version of the package that shipped with their distro is the best and proper way to do it. It really is.

Re: RedHat, RPMS, and updates

2002-12-13 Thread Ben Russo
On Fri, 2002-12-13 at 16:11, [EMAIL PROTECTED] wrote: ... > well I guess this is a little confusing too. The redhat download centers > show for RH 7.3 the file: > > openssh-3.1p1-3.i386.rpm 213 KB 04/17/2002 12:00:00 AM > > and for RH 8.0 the file: > > openssh-3.4p1-2.i386.rpm 213 KB 0

Re: RedHat, RPMS, and updates

2002-12-13 Thread mklinke
Thanks, I find that a bit disheartening in that it means I can't trust the errata page to accurately reflect the status of the software at any time in the past. Any of the updates listed there could have been placed there at any time prior to today. I also just visited one of the mirror site

Re: RedHat, RPMS, and updates

2002-12-13 Thread mklinke
Hello Matthew, After more or less hi-jacking your thread (sorry about that) I guess I'm coming slowly to the conclusion that the source tarball may be the surest way to know that you are, and keep, up-to-date. Thanks for bringing it up, it's been very instructive for me. Regards, Mike Klinke

Re: RedHat, RPMS, and updates

2002-12-13 Thread Gordon Messmer
On Fri, 2002-12-13 at 18:08, [EMAIL PROTECTED] wrote: > > That's the only explanation I can think of that makes any sense. I wonder > what the date represents?? > > Do you know if the apache entry in the errata pages was also updated sometime > in the past 48 hours? I think so. I recall seei

Re: RedHat, RPMS, and updates

2002-12-13 Thread mklinke
That's the only explanation I can think of that makes any sense. I wonder what the date represents?? Do you know if the apache entry in the errata pages was also updated sometime in the past 48 hours? If so, I'll add a note to my little, er, growing update procedure to not trust the errata p

Re: RedHat, RPMS, and updates

2002-12-13 Thread Gordon Messmer
On Fri, 2002-12-13 at 16:56, [EMAIL PROTECTED] wrote: > From my up2date log: > [Fri Dec 13 17:19:38 2002] up2date new up2date run started > [Fri Dec 13 17:22:33 2002] up2date installing packages: ['apache-1.3.27-2', > 'mm-1.1.3-11', 'mm-devel-1.1.3-11', 'wget-1.8.2-4.73'] > > and the errata pag

Re: RedHat, RPMS, and updates

2002-12-13 Thread mklinke
Hello Gordon, On Friday 13 December 2002 23:07, Gordon Messmer wrote: > > Actually, the errata you were offered "today" were new. There is not > yet an entry in the errata list for the packages you were offered. > > Up2date will always have the latest errata when they're released. Today, via t

Re: RedHat, RPMS, and updates

2002-12-13 Thread Gordon Messmer
On Fri, 2002-12-13 at 10:19, [EMAIL PROTECTED] wrote: > > Matthew's note did bring something to my attention that I didn't realize. > Chuck's response below which included the links to the errata pages was > interesting in that I see the RH 7.3 Apache update is dated 11-25 on the > page. I se

Re: RedHat, RPMS, and updates

2002-12-13 Thread Michael Schwendt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 13 Dec 2002 21:11:36 +, [EMAIL PROTECTED] wrote: > Chuck, > > I don't intend to beat on you but perhaps you can shed some light on > what to me is very confusing about the way RH is handling the security > fixes. > > I guess it would be

Re: RedHat, RPMS, and updates

2002-12-13 Thread mklinke
Chuck, I don't intend to beat on you but perhaps you can shed some light on what to me is very confusing about the way RH is handling the security fixes. I guess it would be fair to say, at least in my case, that I unnecessarily updated my openssh using the tarball at openssh.org to 3.5p1. Wha

Re: RedHat, RPMS, and updates

2002-12-13 Thread Kent Borg
On Fri, Dec 13, 2002 at 11:54:43AM -0600, David van Hoose wrote: > I find it kind of irritating that RH just released an update for KDE > 3.0.3 instead of releasing 3.0.5 which had the same fixes. Some > programs should be tested, but others are already being tested and > fixed on a daily basis. No

Re: RedHat, RPMS, and updates

2002-12-13 Thread Chuck Mead
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 13 Dec 2002, Michael Schwendt enscribed the following: MS>I don't think they like the idea of out-sourcing their QA into the MS>community. ;) Yup... which would, without doubt, raise a whole new set of problems and associated complaints! ;-)

Re: RedHat, RPMS, and updates

2002-12-13 Thread Chuck Mead
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 13 Dec 2002, Terry Moore-Read enscribed the following: TM>Actually they are mainly backporting patches from the newer versions TM>to the versions in the current redhat release so most of the time the TM>new release is already fixed. The reaso

Re: RedHat, RPMS, and updates

2002-12-13 Thread Chuck Mead
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 13 Dec 2002, Bret Hughes enscribed the following: BH>On Fri, 2002-12-13 at 10:25, Chuck Mead wrote: BH>> -BEGIN PGP SIGNED MESSAGE- BH>> Hash: SHA1 BH>> BH>> On Fri, 13 Dec 2002, Matthew Boeckman enscribed the following: BH>> BH>> MB

Re: RedHat, RPMS, and updates

2002-12-13 Thread Bret Hughes
On Fri, 2002-12-13 at 11:54, David van Hoose wrote: > You are not alone. > I sent RedHat a message addressing the issue about how they are > releasing older packages with their set of security fixes rather than > helping patch the program's CVS so that ALL of the newer versions of the > program

Re: RedHat, RPMS, and updates

2002-12-13 Thread Michael Schwendt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 13 Dec 2002 11:54:43 -0600, David van Hoose wrote: > I sent RedHat a message addressing the issue about how they are > releasing older packages with their set of security fixes This is good. Backporting security fixes doesn't have the side-

Re: RedHat, RPMS, and updates

2002-12-13 Thread Terry Moore-Read
Actually they are mainly backporting patches from the newer versions to the versions in the current redhat release so most of the time the new release is already fixed. The reasoning behind this is to keep the release feature stable while keeping up with security & bug fixes. Terry Moor

Re: RedHat, RPMS, and updates

2002-12-13 Thread Bret Hughes
On Fri, 2002-12-13 at 10:25, Chuck Mead wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Fri, 13 Dec 2002, Matthew Boeckman enscribed the following: > > MB>> Are you sure that they're not addressing the issues? *My* understanding is > MB>> that, in most cases, the security patches

Re: RedHat, RPMS, and updates

2002-12-13 Thread Ben Russo
On Fri, 2002-12-13 at 12:54, David van Hoose wrote: > You are not alone. > I sent RedHat a message addressing the issue about how they are > releasing older packages with their set of security fixes rather than > helping patch the program's CVS so that ALL of the newer versions of the > program

Re: RedHat, RPMS, and updates

2002-12-13 Thread mklinke
Matthew's note did bring something to my attention that I didn't realize. Chuck's response below which included the links to the errata pages was interesting in that I see the RH 7.3 Apache update is dated 11-25 on the page. I seldom visit this page unless it's for a special reason as I tend

Re: RedHat, RPMS, and updates

2002-12-13 Thread David van Hoose
You are not alone. I sent RedHat a message addressing the issue about how they are releasing older packages with their set of security fixes rather than helping patch the program's CVS so that ALL of the newer versions of the program will be patched. I find that RedHat is in essence pulling a M

Re: RedHat, RPMS, and updates

2002-12-13 Thread Chuck Mead
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 13 Dec 2002, Matthew Boeckman enscribed the following: MB>> Are you sure that they're not addressing the issues? *My* understanding is MB>> that, in most cases, the security patches are applied to the version of MB>> the app currently being

Re: RedHat, RPMS, and updates

2002-12-13 Thread Bret Hughes
On Fri, 2002-12-13 at 09:40, Matthew Boeckman wrote: > > > > Are you sure that they're not addressing the issues? *My* understanding is > > that, in most cases, the security patches are applied to the version of > > the app currently being distributed by RH. This was certainly true with > > re

Re: RedHat, RPMS, and updates

2002-12-13 Thread Matthew Boeckman
Are you sure that they're not addressing the issues? *My* understanding is that, in most cases, the security patches are applied to the version of the app currently being distributed by RH. This was certainly true with regard to the OpenSSH bugs, and I'm fairly sure that philosophy is true wi

Re: RedHat, RPMS, and updates

2002-12-13 Thread Mike Burger
On Fri, 13 Dec 2002, Matthew Boeckman wrote: > I'm a little disturbed by something I'm seeing with the way that RH > manages RPM security updates. It's almost microsoftian the way they are > tending to take weeks or months to address critical security holes. > > For example, the recent Apache<

RedHat, RPMS, and updates

2002-12-13 Thread Matthew Boeckman
I'm a little disturbed by something I'm seeing with the way that RH manages RPM security updates. It's almost microsoftian the way they are tending to take weeks or months to address critical security holes. For example, the recent Apache<1.3.27 shared memory exploit, originally announced Aug