On 7/21/2011 10:57 AM, Alan Bartlett wrote:
On 21 July 2011 16:41, Les Mikeselllesmikesell@gmail.com wrote:
On 7/21/2011 10:19 AM, Alan Bartlett wrote:
On 21 July 2011 16:05, Les Mikeselllesmikesell@gmail.com wrote:
The important thing to know is when published CVE's are fixed upstream
Sorry Les but you are going OT. With regard to what you have just said, we all have the ability to monitor what the "Upstream Vendor" does.
And I'm sorry that you think that well-known but unpatched vulnerabilities in the software published as CentOS is OT. What the upstream vendor has said about it isn't the relevant point. What is relevant is that CentOS has shipped the vulnerabilities; a lot of other people know about them, and the CentOS users deserve to know as well, especially when the fix is hidden in the CR repo.
Riding on your hobby-horse, once again.
See KB's opening post to this thread. That sets the topic.
And I'm trying to correct it from a user's perspective. If I have a specific bug in an application or driver that affects my system, I'll know about it and seek out the fix. The ones I need to be informed about are the security vulnerabilities included but hidden in the distribution, and I especially need to know that when they are published in a way that makes a large number of other people aware that my system still has them.