On Feb 20, 2011, at 3:02 PM, Larry Vaden wrote: > On Sun, Feb 20, 2011 at 1:42 PM, Johnny Hughes <johnny at centos.org> wrote: >> >> And we do this ... submit missing build requirements as bugs. > > Hypothetical: > > 1) mission critical use of RHEL in a "life or death" environment, > let's say it is an ICU application in a hospital hospitals pay huge premiums to avoid risk. And RHEL (like all software) carries all sorts of disclaimers in the fine print. > 2) miscreant exploits vulnerability in RHEL, rendering it useless, as > well as the 3 other machines performing the same function miscreants aren't usually seeking, say, virtual kidneys when its so much easier to steal credit car numbers. > 3) experienced sysadmin diagnoses issue to the rpm level Whoa: leave rpm out of this risk analysis please. Its not rpm, but rather yum, that routinely disables signature checking. > 4) e.s. loads build environment and the vulnerable SRPM and build > environment fails to produce good RPM You're building SRPM's in an ICU now? Try AWS EC2 instead, far cheaper, and scales better. > 5) e.s., being a RH rate-payer, is unaware that CentOS Team and > Community has solved the issue with a kludge to the build environment People die daily, hospitals can't save everyone, and there's always CentOS42 where this tedious thread will surely still be going on. 73 de jeff -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4645 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20110220/01253e79/attachment-0007.p7s>