[CentOS] Update to Centos 5 anaconda kickstart %post bug?

Thu Jan 8 23:33:08 UTC 2009
Scott Silva <ssilva at sgvwater.com>

on 1-8-2009 3:14 PM Warren, Eucke spake the following:
> Scott Silva wrote:
>> The bug page gives you the status. It was assigned (to Karanbir), and
> he ack'ed it. If it was fixed, it would 
>> be resolved. It shouldn't be that hard to apply the fix manually and
> your legal department is too rigid if they 
>> are that picky about a fix to "free" software. I can see if they were
> paying contract support on it.
> 
> I appreciate the response.  If you recall I did post the link so it's a
> safe assumption that I read the page and understood it's content.  What
> I'm after is whether there's any other information channel that might
> not be so obvious for seeing if there might be action coming up for an
> particular issue.  Being in a highly regulated industry the legal
> department has a tough job.  I work within the guidelines they set.
> 
>> If Karanbir thinks it merits an upstream bug report, I'm almost sure
> he might do that, if the original bug 
>> poster doesn't. It "might" be fixed by the time
>> 5.3 comes out, but do you want to wait?
> 
> I am restricted to 5.1 as approved by legal.  5.2 is not approved so 5.3
> isn't an option either.  Once I can sort out whether something
> "official" will fix this I can then determine how to pursue this
> internally.  A workaround fix does not address that the kickstart-built
> system will still contain this bug as it will be built from RPM's that
> are not fixed.
> 
> 
> 
> Eucke
You might want to hint to your legal department that unpatched servers sitting
on the internet are just waiting to be hacked and exploited.
The fact that they make you sit with an older version without any patches says
that they have no idea how much damage can be done, or how much info can leak
from unpatched systems.

Maybe if a million customer records leak out because they won't let you patch
systems they might update their thinking.



-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20090108/72554f80/attachment-0005.sig>