[CentOS-devel] announcing stuff that is in CR/

Thu Jul 21 15:41:06 UTC 2011
Les Mikesell <lesmikesell at gmail.com>

On 7/21/2011 10:19 AM, Alan Bartlett wrote:
> On 21 July 2011 16:05, Les Mikesell<lesmikesell at gmail.com>  wrote:
>
>> The important thing to know is when published CVE's are fixed upstream
>
> Sorry Les but you are going OT. With regard to what you have just
> said, we all have the ability to monitor what the "Upstream Vendor"
> does.

And I'm sorry that you think that well-known but unpatched 
vulnerabilities in the software published as CentOS is OT.  What the 
upstream vendor has said about it isn't the relevant point.  What is 
relevant is that CentOS has shipped the vulnerabilities; a lot of other 
people know about them, and the CentOS users deserve to know as well, 
especially when the fix is hidden in the CR repo.

-- 
   Les Mikesell
    lesmikesell at gmail.com