[CentOS] Missing Thunderbird Updates
Ned Slider
ned at unixmail.co.uk
Wed May 20 21:38:25 UTC 2009
nate wrote:
> Akemi Yagi wrote:
>
>> We can't be the only ones still using C4 i386. Some of the outstanding
>> security updates are rated critical; maybe people just don't realize
>> how many unpatched vulnerabilities there are at this point.
>
> I run C4 i386, though my systems are on trusted networks whose
> only services are provided by 3rd party packages(mostly java/tomcat)
> and my CentOS 4.6 machines are the least of my worries when it comes
> to updates(hello RHEL 3 update 3!)
>
> When we get audited later this year I will try to push us onto RHEL,
> should be easier to justify at that point.
>
> nate
>
I think the point is that there must be something very wrong/broken if
a) security updates are missing for over a month, and b) people don't
even like to ask for fear of offending someone, and c) no one really
talks about it.
One of the projects stated goals has always been to release updates
within 72 hours, and often within 24 hours from upstream release. This
isn't about missing that target by a day or two, but rather that
security updates are completely missed altogether until someone notices
and says something at which point they normally appear 24 hours later.
It looks more like the process is broken to me, but as we have no idea
what the process actually is it's impossible to tell.
More information about the CentOS
mailing list