[CentOS-devel] yum-plugin-security and shellshock

Thu Oct 2 16:25:31 UTC 2014
Les Mikesell <lesmikesell at gmail.com>

On Thu, Oct 2, 2014 at 3:39 AM, Karanbir Singh <mail-lists at karan.org> wrote:
> >
> Besides, if its a case of winging it, why not wing it with a 'yum update
> \*' - atleast you are then winging it with a tested process ( upstream
> and to -some- extent in centos.org too ).
>

Please reconsider that statement for the scenario where the bulk of
the code running on the server is 3rd party and locally developed.
Your recommendation throws together a vast number of changes that are
not tested together with the applications that are the reason for
running the machine,  and most of which are not at all necessary.
But once a vulnerability has been made public, you really have no
choice but to fix that specific thing.

-- 
   Les Mikesell
    lesmikesell at gmail.com