-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of R P Herrold
Sent: Wednesday, June 17, 2009 5:37 PM
To: CentOS mailing list
Subject: [CentOS] CentOS security advisories
On Wed, 17 Jun 2009, Joshua Bahnsen wrote:
I assume you mean this? http://www.redhat.com/legal/legal_statement.html
That is an assumption you make, all right --- that page does not state it is exhaustive, however ...
What I mean is, is there a specific Red Hat web page that defines what is acceptable and what is not?
Feel free to ask them, just not on this list
What exactly do you mean by "breaching the rhn aup's"?
Red Hat's outside counsel has made a statement asserting (in part) CentOS project misbehavior by so-called 'deep linking' as follows:
Moreover, our client does not allow others [in a letter directed to asserted improper CentOS project behavior] to provide links to our client's web site without permission.
earlier: K B Singh wrote: yes, it's come up a few times, there has been some work done on it as well, however there is no automated way to get this info without breaching the rhn aup's
I realize you [Joshua Bahnsen] feel a need to top post for some reason, but it simply means that context threading is broken.
Red Hat's counsel threatened litigation against the project if it did not address various alleged issues:
... we trust that this issue can be resolved promptly and amicably and appreciate your attention to this matter. We look forward to your reply and request a response no later than February 4, 2005
Why would the project go again near a sharp edge that Red Hat has chosen to take offense at? Who shall insure and indemnify the project and its members against the costs of defense, let alone any damages award?
Please note that I do not need a reply on that question, as it is clearly a rhetorical question.
-- Russ herrold
[Joshua Bahnsen]
I don't want to cause any trouble here, but what does this have to do with generating advisory information that is provided by the vendor? Are there legal questions around clicking around the publicly available advisory data and generating XML based on that information? Obviously CentOS is generating *SOME* of the data provided by the vendor but not all. I'm merely trying to figure out:
1. Why there is a discrepancy (legal?, time?, need?, etc.)
2. If there is an alternate location to find this advisory information for CentOS
3. If anyone has tried to combine this data into a format consumable by yum-security
4. If using the advisory data provided on the vendor website and changing the title is a valid approach to generate advisory data in which the rpms are named the same
I believe this feature (patching based on advisories) would be advantageous to end users.