[CentOS] Update to Centos 5 anaconda kickstart %post bug?

Thu Jan 8 23:41:06 UTC 2009
Lanny Marcus <lmmailinglists at gmail.com>

On Thu, Jan 8, 2009 at 6:33 PM, Scott Silva <ssilva at sgvwater.com> wrote:
> on 1-8-2009 3:14 PM Warren, Eucke spake the following:
<snip>
>> I appreciate the response.  If you recall I did post the link so it's a
>> safe assumption that I read the page and understood it's content.  What
>> I'm after is whether there's any other information channel that might
>> not be so obvious for seeing if there might be action coming up for an
>> particular issue.  Being in a highly regulated industry the legal
>> department has a tough job.  I work within the guidelines they set.
>>
<snip>
>> I am restricted to 5.1 as approved by legal.  5.2 is not approved so 5.3
>> isn't an option either.  Once I can sort out whether something
>> "official" will fix this I can then determine how to pursue this
>> internally.  A workaround fix does not address that the kickstart-built
>> system will still contain this bug as it will be built from RPM's that
>> are not fixed.

> You might want to hint to your legal department that unpatched servers sitting
> on the internet are just waiting to be hacked and exploited.
> The fact that they make you sit with an older version without any patches says
> that they have no idea how much damage can be done, or how much info can leak
> from unpatched systems.
>
> Maybe if a million customer records leak out because they won't let you patch
> systems they might update their thinking.

Well said Scott. They are in the gambling business and I fully support
what the Nevada Gaming Commission (or those in other states) does.
However, I cannot imagine they want Software that has been updated for
Security or Stability reasons not to be updated.
<http://www.wms.com/aboutwms.php> Lanny