[CentOS] Update to Centos 5 anaconda kickstart %post bug?
lmmailinglists at gmail.com
Thu Jan 8 23:41:06 UTC 2009
On Thu, Jan 8, 2009 at 6:33 PM, Scott Silva <ssilva at sgvwater.com> wrote:
> on 1-8-2009 3:14 PM Warren, Eucke spake the following:
>> I appreciate the response. If you recall I did post the link so it's a
>> safe assumption that I read the page and understood it's content. What
>> I'm after is whether there's any other information channel that might
>> not be so obvious for seeing if there might be action coming up for an
>> particular issue. Being in a highly regulated industry the legal
>> department has a tough job. I work within the guidelines they set.
>> I am restricted to 5.1 as approved by legal. 5.2 is not approved so 5.3
>> isn't an option either. Once I can sort out whether something
>> "official" will fix this I can then determine how to pursue this
>> internally. A workaround fix does not address that the kickstart-built
>> system will still contain this bug as it will be built from RPM's that
>> are not fixed.
> You might want to hint to your legal department that unpatched servers sitting
> on the internet are just waiting to be hacked and exploited.
> The fact that they make you sit with an older version without any patches says
> that they have no idea how much damage can be done, or how much info can leak
> from unpatched systems.
> Maybe if a million customer records leak out because they won't let you patch
> systems they might update their thinking.
Well said Scott. They are in the gambling business and I fully support
what the Nevada Gaming Commission (or those in other states) does.
However, I cannot imagine they want Software that has been updated for
Security or Stability reasons not to be updated.
More information about the CentOS