On 7/21/2011 10:19 AM, Alan Bartlett wrote: > On 21 July 2011 16:05, Les Mikesell<lesmikesell at gmail.com> wrote: > >> The important thing to know is when published CVE's are fixed upstream > > Sorry Les but you are going OT. With regard to what you have just > said, we all have the ability to monitor what the "Upstream Vendor" > does. And I'm sorry that you think that well-known but unpatched vulnerabilities in the software published as CentOS is OT. What the upstream vendor has said about it isn't the relevant point. What is relevant is that CentOS has shipped the vulnerabilities; a lot of other people know about them, and the CentOS users deserve to know as well, especially when the fix is hidden in the CR repo. -- Les Mikesell lesmikesell at gmail.com