on 1-8-2009 3:14 PM Warren, Eucke spake the following:
Scott Silva wrote:
The bug page gives you the status. It was assigned (to Karanbir), and
he ack'ed it. If it was fixed, it would
be resolved. It shouldn't be that hard to apply the fix manually and
your legal department is too rigid if they
are that picky about a fix to "free" software. I can see if they were
paying contract support on it.
I appreciate the response. If you recall I did post the link so it's a safe assumption that I read the page and understood it's content. What I'm after is whether there's any other information channel that might not be so obvious for seeing if there might be action coming up for an particular issue. Being in a highly regulated industry the legal department has a tough job. I work within the guidelines they set.
If Karanbir thinks it merits an upstream bug report, I'm almost sure
he might do that, if the original bug
poster doesn't. It "might" be fixed by the time 5.3 comes out, but do you want to wait?
I am restricted to 5.1 as approved by legal. 5.2 is not approved so 5.3 isn't an option either. Once I can sort out whether something "official" will fix this I can then determine how to pursue this internally. A workaround fix does not address that the kickstart-built system will still contain this bug as it will be built from RPM's that are not fixed.
Eucke
You might want to hint to your legal department that unpatched servers sitting on the internet are just waiting to be hacked and exploited. The fact that they make you sit with an older version without any patches says that they have no idea how much damage can be done, or how much info can leak from unpatched systems.
Maybe if a million customer records leak out because they won't let you patch systems they might update their thinking.