Date: Fri, 06 Mar 2015 20:54:47 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777

On 06/03/15 06:08 AM, John Haxby wrote:
> On 06/03/15 01:02, Kurt Seifried wrote:
>> Please contact your TAM/GSS with this request, it carries a lot
>> more impact if customers want something that we also want.
>
>
> I know "me too" isn't helpful, but I'm going to say "me too" anyway.
>
> It occurred to me that we could have a patch that has a global switch
> (eg a file in, say, /etc/sysconfig and a corresponding switch for
> individual applications) that switches on the correct behaviour. I
> know it's a bit of a mess, but that way people who don't care will
> continue in blissful ignorance and people that do care can do
> something about it.

That would be one way. But why can't Oracle build it and open source it?
Oracle has a Linux distribution too I thought? Or do you need Red Hat
engineering to do it first? If so as I said, customer cases carry far
more weight than oss-security for feature requests.

> jch

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
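The opt-in switch proposed in the quoted text, sketched as an added example; it is not code from this thread, from rhn-setup, or from any vendor patch. The file path, the `VERIFY_HOSTNAME` key, the precedence (per-application file over global file, legacy behaviour when neither is set) and the choice to keep chain verification on in legacy mode are all assumptions; the message names only /etc/sysconfig.

```python
import ssl

# Hypothetical names: the message only says "a file in, say, /etc/sysconfig".
GLOBAL_FILE = "/etc/sysconfig/tls-hostname-check"
KEY = "VERIFY_HOSTNAME"


def read_switch(path, key=KEY):
    """Return True/False if the sysconfig-style file sets key, else None."""
    try:
        with open(path, encoding="utf-8") as fh:
            lines = fh.readlines()
    except OSError:
        return None  # missing or unreadable file: no opinion at this level
    value = None
    for line in lines:
        line = line.split("#", 1)[0].strip()  # drop comments
        name, sep, raw = line.partition("=")
        if sep and name.strip() == key:
            value = raw.strip().strip("\"'").lower()  # last assignment wins
    if value in ("1", "yes", "true", "on"):
        return True
    if value in ("0", "no", "false", "off"):
        return False
    return None  # unset or unrecognised: defer to the next level


def hostname_check_enabled(app_file, global_file=GLOBAL_FILE):
    """Per-application switch wins, then the global one, else legacy (off)."""
    for path in (app_file, global_file):
        setting = read_switch(path)
        if setting is not None:
            return setting
    return False


def make_context(app_file, global_file=GLOBAL_FILE):
    """Client context: chain always verified, hostname match only if opted in."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, check_hostname=True
    if not hostname_check_enabled(app_file, global_file):
        ctx.check_hostname = False  # legacy behaviour: name mismatch accepted
    return ctx
```

Because an absent or unparsable switch falls through to the legacy default, a deployment that wants the check has to confirm the effective value per application rather than assume the global file took effect.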