On 6/21/2011 10:09 AM, Karanbir Singh wrote:
On 06/21/2011 04:06 PM, Les Mikesell wrote:
a kernel that does not boot can kind of do that...
But is that really worse than one that allows anyone to become root, which might be the other choice? And if you can't take the chance or think you are firewalled well enough that it doesn't matter, why update at all?
I'm guessing you are just ranting here for the sake of ranting. Or do you really expect rpms to be pushed from build to public repos online without any testing at all ?
I'm pointing out that running for any length of time without fixing known vulnerabilities is a very bad. Even if it is a local root escalation - if you also have an exploit in a network app (like the bazillion in php and its apps, struts, etc.) the two can be combined to take over the machine and it is mostly a matter of time until it happens (and yes, this is from experience...). And I thought last time around you said these packages would go through the normal qa process before even going into the option CR repo, so I'll repeat the question as to why you think something is going to be wrong with them. I can see wanting some reasonable number of machines to run them as a test, but still don't understand why anyone would want to continue to run with known problems instead of having them fixed.