2 things to keep in mind... 1) the httpd dos vuln does not even have a Red Hat patch yet, only a work around. 2) the people who work on CentOS are VOLUNTEERS. They do not get paid which is a large part of why CentOS is free.
If you need up to the minute updates, maybe you should be using RHEL.
John
On 03/09/11 16:00, Vesselin Kolev wrote:
Today is September 3, 2011. There are no _any_ CentOS 6 security updates for a month (during August). And at the moment, the usage of CentOS 6 as a server platform is irresponsible risk (just for example - there is an uncovered httpd DoS, the same is for Samba, e.t.c). And more and more people start to realize that there is practically no (security) support in CentOS 6. Just look at centos-announce@centos.org - the only supported version of CentOS now is ... 4, which is almost at its "end of life"!!! How is it possible? How can I advise people to use CentOS in their business and make donations? Maybe I should ask them to pray for updates or so?
Do You realise how critical is the situation now? Maybe you should think on what the words "Enterprise" mean. Or maybe You should think how to get back the lost confidence, because too many people now think that CentOS is no more enterprise distribution, not at all! _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos