[CentOS-devel] [off topic] Oracle Lnux

Fri Jan 5 08:58:12 UTC 2007
Johnny Hughes <johnny at centos.org>

On Thu, 2007-01-04 at 07:56 -0200, TEOTONIO wrote:
> Hello all,
> 
> this is my first post. :-)
> 
> Enterprise Linux Oracle is Centos or is based on Centos???
> 
> Sory my bad english :(
> 
> I am a author of distro Libertas based on Fedora Core 3.0, instaled in
> plus 9000 PCs on scholl LAN (Belo Horizonte-MG Brazil).
> 

Well ...

CentOS is based on the source files released here:

http://ftp.redhat.com/pub/redhat/linux/

Oracle Unbreakable Linux is based on the same source files.

Oracle did also take some of the work that we have done (our changes to
above linked source files) and incorporated it into their product.
CentOS is GPL, so there is nothing wrong with that ... though they
should have that in their press and they don't.

Still I would objectively say, that for the most part their product is
based on the RHEL sources (as CentOS only changes maybe 2% of the files
for artwork/trademark reasons) ... but they have certainly also based
their changes {on the files that need changing} on our work as well.

Now ... if they would stop giving away free ISOs with security issues
and not allowing those to be updated for free, their potential customers
could actually deploy their product for testing and not fear that their
servers would be owned.

Oracle REALLY, REALLY, REALLY needs to rethink this policy ... giving
away free ISOs that contain packages with known security vulnerabilities
and not providing free security updates is wrong headed and ABSOLUTELY
IRRESPONSIBLE.

I can't understand how they can sleep at night.

If they want to charge for the updates (and not allow people to get them
for free), then they should also only distribute the ISOs to people who
can get those updates.  Doing what they are now doing, purposely giving
out ISOs with security issues and no update path, is going to create a
legion of zombie, hacker owned, machines that enterprise admins think
are OK because they are Oracle ... amazing :(

Thanks,
Johnny Hughes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20070105/9f6c24c0/attachment-0007.sig>