On Thu, Jan 8, 2009 at 6:33 PM, Scott Silva ssilva@sgvwater.com wrote:
on 1-8-2009 3:14 PM Warren, Eucke spake the following:
<snip>
I appreciate the response. If you recall I did post the link so it's a safe assumption that I read the page and understood it's content. What I'm after is whether there's any other information channel that might not be so obvious for seeing if there might be action coming up for an particular issue. Being in a highly regulated industry the legal department has a tough job. I work within the guidelines they set.
<snip>
I am restricted to 5.1 as approved by legal. 5.2 is not approved so 5.3 isn't an option either. Once I can sort out whether something "official" will fix this I can then determine how to pursue this internally. A workaround fix does not address that the kickstart-built system will still contain this bug as it will be built from RPM's that are not fixed.
You might want to hint to your legal department that unpatched servers sitting on the internet are just waiting to be hacked and exploited. The fact that they make you sit with an older version without any patches says that they have no idea how much damage can be done, or how much info can leak from unpatched systems.
Maybe if a million customer records leak out because they won't let you patch systems they might update their thinking.
Well said Scott. They are in the gambling business and I fully support what the Nevada Gaming Commission (or those in other states) does. However, I cannot imagine they want Software that has been updated for Security or Stability reasons not to be updated. http://www.wms.com/aboutwms.php Lanny