On 6/21/2011 5:36 PM, Karanbir Singh wrote:
> On 06/21/2011 09:26 PM, Les Mikesell wrote:
>> So, again, under what circumstances does anyone think it is a good idea to not opt into this repo and instead keep running code that will very likely have published exploits over a time span that we've seen can run for months?
> Sounds like a good question to bring up at your next user group meeting. From the CentOS perspective, it's important we give people the opportunity to get these packages as soon as possible so they can make their choice.
> I don't particularly care about their religious choice or their internal implementation policies, and this list isn't the place to bash them around.

Let's say we disagree about choosing to continue to run software with known/published exploits. I think you need very, very good reasons to make that choice, which is why I think the choice should be opt-out, not in. It may be a matter of faith one way or another, but I think there is a lot more reason to risk installing the fixes than to leave it as a matter of time until someone takes over your machines for DDoS attacks against others or worse.