[CentOS] BInd Problem or Update SSL ?
Larry Vaden
vaden at texoma.net
Sat Feb 19 06:51:55 UTC 2011
On Fri, Feb 18, 2011 at 7:39 PM, James Hogarth <james.hogarth at gmail.com> wrote:
>>
>> Joe, Randy and James are my mentors of 15, 5 and 5 years,
>> respectively, and all said the same thing, namely "nuke and repave, be
>> sure to be current on BIND" since it is a purpose-built box (ns1).
>
> Perhaps is it a difference in language and what you mean by mentor and
> where I would mean old colleague/peer who I have discussed this with.
Wikipedia says "This is the source of the modern use of the word
mentor: a trusted friend, counselor or teacher, usually a more
experienced person." I am not their peer; they are my mentors. They
have been invaluable over the 25 combined years of mentorship to this
rural ISP.
> Remember that the version number you see on BIND is not always the
> equivalent of upstream due to backports. You should check the relevant
> RHEL errata, the package %changelog and CVE to get a better
> understanding of what exploits are known and what has been patched.
Johnny has remarked on the importance of trust.
My trust in RedHat went down when I learned they are not shipping all
the SRPMs. Some say it is due to human error. If that is the case,
why should I think they are better at backporting security fixes than
at making sure a manifest of SRPMs is complete and correct?
More information about the CentOS
mailing list