[CentOS] CentOS security advisories

Thu Jun 18 00:37:21 UTC 2009
R P Herrold <herrold at centos.org>

On Wed, 17 Jun 2009, Joshua Bahnsen wrote:

> I assume you mean this?
> http://www.redhat.com/legal/legal_statement.html

That is an assumption you make, all right --- that page does 
not state it is exhaustive, however ...

> What I mean is, is there a specific Red Hat web page that 
> defines what is acceptable and what is not?

Feel free to ask them, just not on this list

> What exactly do you mean by "breaching the rhn aup's"?

Red Hat's outside counsel has made a statement asserting (in 
part) CentOS project misbehavior by so-called 'deep linking' 
as follows:

 	Moreover, our client does not allow others [in a
 	letter directed to asserted improper CentOS project
 	behavior] to provide links to our client's web site
 	without permission.


>> earlier: K B Singh wrote:
>> yes, its come up a few times, there has been some work done 
>> on it as well, however there is no automated way to get 
>> this info without breaching the rhn aup's

I realize you [Joshua Bahnsen] feel a need to top post for 
some reason, but it simply means that context threading is 
broken.

Red Hat's counsel threatened litigation against the project if 
it did not address various alleged issues:

 	... we trust that this issue can be resolved promptly
 	and amicably and appreciate your attention to this
 	matter. We look forward to your reply and request a
 	response no later than February 4, 2005

Why would the project go again near a sharp edge that Red Hat 
has chosen to take offense at?  Who shall insure and indemnify 
the project and its members against the costs of defense, let 
alone any damages award?

Please note that I do not need a reply on that question, as it 
is clearly a rhetorical question.

-- Russ herrold