Thanks very much all for the responses Apologies for delayed had a back injury keeping afk Definitely have some food for thought
thanks all again
On Sat, Jun 18, 2016 at 10:51 PM, Anthony K akcentos@anroet.com wrote:
On 16/06/16 13:18, Johnny Hughes wrote:
.. the actual definition of a 'CRITICAL' update from Red Hat's perspective is:
"This rating is given to flaws that could be easily*exploited by a remote unauthenticated attacker and lead to system compromise (arbitrary code execution) without requiring user interaction*. These are the types of vulnerabilities that can be exploited by worms. Flaws that require an authenticated remote user, a local user, or an unlikely configuration are not classed as Critical impact."
Taken from: https://access.redhat.com/security/updates/classification
I think it's time to add a another link to the mailman suffix.
That bold section should scare anyone storing public data on their servers without keeping up with security updates whether critical or not! I'd say that whole paragraph needs to be added to the Wiki somewhere and the email suffix modified to include a link to it. This would give us a place to point people to - such as - *S**ee link at bottom of signature, you <insert what you feel necessary here>*.
ak.
PS: Here's what my suggestion might look like:
<new_sig> ---------- CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Latest CentOS Release - 7.v.wxyz - https://wiki.centos.org/read-this-if-centos-version-not-at-7.v.wxyz </new_sig>
And just as Johnny said - but what the heck do I know?
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos