On Fri, Feb 18, 2011 at 7:39 PM, James Hogarth james.hogarth@gmail.com wrote:
Joe, Randy and James are my mentors of 15, 5 and 5 years, respectively, and all said the same thing, namely "nuke and repave, be sure to be current on BIND" since it is a purpose-built box (ns1).
Perhaps it is a difference in language and what you mean by mentor and where I would mean old colleague/peer who I have discussed this with.
Wikipedia says "This is the source of the modern use of the word mentor: a trusted friend, counselor or teacher, usually a more experienced person." I am not their peer; they are my mentors. They have been invaluable over the 25 combined years of mentorship to this rural ISP.
Remember that the version number you see on BIND is not always the equivalent of upstream due to backports. You should check the relevant RHEL errata, the package %changelog and CVE to get a better understanding of what exploits are known and what has been patched.
Johnny has remarked on the importance of trust.
My trust in Red Hat went down when I learned they are not shipping all the SRPMs. Some say it is due to human error. If that is the case, why should I think they are better at backporting security fixes than at making sure a manifest of SRPMs is complete and correct?
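The package %changelog check suggested in the quoted advice above, as an added example that is not part of the original message: it maps each CVE id in `rpm -q --changelog` output to the package version-release whose entry mentions it, so a backported fix is visible even when the upstream version number has not moved. The function names, the sample changelog, its version strings and the CVE ids are constructed placeholders, and the parser assumes each entry header ends with the version-release.

```shell
#!/bin/sh
# Added example, not from the thread: list which changelog entry mentions which CVE.

# Reads `rpm -q --changelog <pkg>` text on stdin.
# Prints one line per (CVE, entry): CVE-id <TAB> version-release <TAB> entry date
cves_by_release() {
    awk '
        /^\* / {
            # Entry header: "* Dow Mon DD YYYY Packager <email> [-] version-release"
            # Assumption: the last field is the version-release.
            date = $3 " " $4 " " $5
            rel = $NF
            next
        }
        {
            line = $0
            # A single changelog line may name several CVEs; collect them all.
            while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
                id = substr(line, RSTART, RLENGTH)
                if (!((id, rel) in seen)) {
                    seen[id, rel] = 1
                    print id "\t" rel "\t" date
                }
                line = substr(line, RSTART + RLENGTH)
            }
        }
    '
}

# Exit status 0 if the CVE id in $1 is mentioned in the changelog on stdin, else 1.
changelog_mentions() {
    cves_by_release | awk -F '\t' -v id="$1" '$1 == id { found = 1 } END { exit !found }'
}

# Constructed sample: same upstream version (9.9.9), two package releases.
# The CVE ids are placeholders, not real advisories.
SAMPLE_CHANGELOG='* Tue Feb 01 2011 Example Packager <packager@example.com> 9.9.9-2.el0
- backport upstream fix for CVE-2099-0002

* Mon Jan 10 2011 Example Packager <packager@example.com> 9.9.9-1.el0
- fix CVE-2099-0001 and mitigate CVE-2099-0002'

# Demonstration on the sample; on a real host use:
#   rpm -q --changelog bind | cves_by_release
printf '%s\n' "$SAMPLE_CHANGELOG" | cves_by_release
```

A CVE that is absent from the changelog is not proof the package is vulnerable or unpatched; the errata remain the authoritative record.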