on 1-8-2009 3:14 PM Warren, Eucke spake the following: > Scott Silva wrote: >> The bug page gives you the status. It was assigned (to Karanbir), and > he ack'ed it. If it was fixed, it would >> be resolved. It shouldn't be that hard to apply the fix manually and > your legal department is too rigid if they >> are that picky about a fix to "free" software. I can see if they were > paying contract support on it. > > I appreciate the response. If you recall I did post the link so it's a > safe assumption that I read the page and understood it's content. What > I'm after is whether there's any other information channel that might > not be so obvious for seeing if there might be action coming up for an > particular issue. Being in a highly regulated industry the legal > department has a tough job. I work within the guidelines they set. > >> If Karanbir thinks it merits an upstream bug report, I'm almost sure > he might do that, if the original bug >> poster doesn't. It "might" be fixed by the time >> 5.3 comes out, but do you want to wait? > > I am restricted to 5.1 as approved by legal. 5.2 is not approved so 5.3 > isn't an option either. Once I can sort out whether something > "official" will fix this I can then determine how to pursue this > internally. A workaround fix does not address that the kickstart-built > system will still contain this bug as it will be built from RPM's that > are not fixed. > > > > Eucke You might want to hint to your legal department that unpatched servers sitting on the internet are just waiting to be hacked and exploited. The fact that they make you sit with an older version without any patches says that they have no idea how much damage can be done, or how much info can leak from unpatched systems. Maybe if a million customer records leak out because they won't let you patch systems they might update their thinking. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20090108/72554f80/attachment-0005.sig>