[CentOS-devel] yum-plugin-security and shellshock
Karanbir Singh
mail-lists at karan.org
Thu Oct 2 08:32:47 UTC 2014
On 10/01/2014 08:41 PM, Kevin Stange wrote:
> I'll be honest: I don't care about this scenario at all. My spacewalk
> server would take care of this just by virtue of CentOS having the data
> ever available for these packages and constantly keeping itself current.
but your usecase does not represent a sane interface from the project
side - hacking up something that is going to put users at risk is far
worse that communicating that users need to really just apply all updates.
I really dont understand the corner case arguments you make here, Kevin
you are far smarter than this. Are you just trying to tick a box off and
dont care if that leaves a majority of the userbase exposed by
incorrectly commnunicated confidence ?
The fact that you are actually looking to penalise people who dont run
updates nightly is very dangerious.
--
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc
More information about the CentOS-devel
mailing list