On 21 July 2011 16:41, Les Mikesell <lesmikesell at gmail.com> wrote: > On 7/21/2011 10:19 AM, Alan Bartlett wrote: >> On 21 July 2011 16:05, Les Mikesell<lesmikesell at gmail.com> wrote: >> >>> The important thing to know is when published CVE's are fixed upstream >> >> Sorry Les but you are going OT. With regard to what you have just >> said, we all have the ability to monitor what the "Upstream Vendor" >> does. > > And I'm sorry that you think that well-known but unpatched > vulnerabilities in the software published as CentOS is OT. What the > upstream vendor has said about it isn't the relevant point. What is > relevant is that CentOS has shipped the vulnerabilities; a lot of other > people know about them, and the CentOS users deserve to know as well, > especially when the fix is hidden in the CR repo. Riding on your hobby-horse, once again. See KB's opening post to this thread. That sets the topic. Alan.