On Feb 20, 2011, at 3:02 PM, Larry Vaden wrote:
On Sun, Feb 20, 2011 at 1:42 PM, Johnny Hughes johnny@centos.org wrote:
And we do this ... submit missing build requirements as bugs.
Hypothetical:
- mission critical use of RHEL in a "life or death" environment,
let's say it is an ICU application in a hospital
hospitals pay huge premiums to avoid risk. And RHEL (like all software) carries all sorts of disclaimers in the fine print.
- miscreant exploits vulnerability in RHEL, rendering it useless, as
well as the 3 other machines performing the same function
miscreants aren't usually seeking, say, virtual kidneys when its so much easier to steal credit car numbers.
- experienced sysadmin diagnoses issue to the rpm level
Whoa: leave rpm out of this risk analysis please. Its not rpm, but rather yum, that routinely disables signature checking.
- e.s. loads build environment and the vulnerable SRPM and build
environment fails to produce good RPM
You're building SRPM's in an ICU now? Try AWS EC2 instead, far cheaper, and scales better.
- e.s., being a RH rate-payer, is unaware that CentOS Team and
Community has solved the issue with a kludge to the build environment
People die daily, hospitals can't save everyone, and there's always CentOS42 where this tedious thread will surely still be going on.
73 de jeff