[CentOS-devel] announcing stuff that is in CR/
Les Mikesell
lesmikesell at gmail.com
Thu Jul 21 16:15:21 UTC 2011
On 7/21/2011 10:57 AM, Alan Bartlett wrote:
> On 21 July 2011 16:41, Les Mikesell<lesmikesell at gmail.com> wrote:
>> On 7/21/2011 10:19 AM, Alan Bartlett wrote:
>>> On 21 July 2011 16:05, Les Mikesell<lesmikesell at gmail.com> wrote:
>>>
>>>> The important thing to know is when published CVE's are fixed upstream
>>>
>>> Sorry Les but you are going OT. With regard to what you have just
>>> said, we all have the ability to monitor what the "Upstream Vendor"
>>> does.
>>
>> And I'm sorry that you think that well-known but unpatched
>> vulnerabilities in the software published as CentOS is OT. What the
>> upstream vendor has said about it isn't the relevant point. What is
>> relevant is that CentOS has shipped the vulnerabilities; a lot of other
>> people know about them, and the CentOS users deserve to know as well,
>> especially when the fix is hidden in the CR repo.
>
> Riding on your hobby-horse, once again.
>
> See KB's opening post to this thread. That sets the topic.
And I'm trying to correct it from a user's perspective. If I have a
specific bug in an application or driver that affects my system, I'll
know about it and seek out the fix. The ones I need to be informed
about are the security vulnerabilities included but hidden in the
distribution, and I especially need to know that when they are published
in a way that makes a large number of other people aware that my system
still has them.
--
Les Mikesell
lesmikesell at gmail.com
More information about the CentOS-devel
mailing list