Date: Mon, 4 Apr 2011 13:26:50 -0400 (EDT)
From: R P Herrold <herrold@...river.com>
To: oss-security@...ts.openwall.com
Subject: Closed list

On Mon, 4 Apr 2011, Tomas Hoger wrote:

> Given the aim to keep the subscriber list very limited, this probably
> falls into a tentatively subscribed category too. AFAIK, CentOS has
> rather few components that are not rebuilds of the RHEL SRPMs, the
> question is how often a v-s info was useful in the past in providing
> security updates for those extra packages.

Thanks for the post furthering the marketing goals of your
corporate master; perhaps the security goal of making sure the
Linux server space is well-secured in a timely fashion was
overlooked by you as you framed your thought.

Seemingly (you mention 'AFAIK'), you do not follow the
'extras' archive, nor the 'testing' where extensions are
found, past what Red Hat ships by default in its enterprise
product.

I have regularly flagged to our updates builder sub-group, for
slotting in updates to push out vulnerable content in those
side archives, based on vendor-sec notes; further, in ranking
the 'urgency' of a push, I posted a rather detailed package by
package analysis of un-pushed updates, in the last month or
so, as to matters pending during the interstitial 'solve the
rebuild' delay as to some updates issued upstream but not yet
pushed by the CentOS team, in part based upon tracking
vendor-sec.

-- Russ herrold
herrold@...tos.org