On Fri, Feb 18, 2011 at 7:39 PM, James Hogarth <james.hogarth at gmail.com> wrote: >> >> Joe, Randy and James are my mentors of 15, 5 and 5 years, >> respectively, and all said the same thing, namely "nuke and repave, be >> sure to be current on BIND" since it is a purpose-built box (ns1). > > Perhaps is it a difference in language and what you mean by mentor and > where I would mean old colleague/peer who I have discussed this with. Wikipedia says "This is the source of the modern use of the word mentor: a trusted friend, counselor or teacher, usually a more experienced person." I am not their peer; they are my mentors. They have been invaluable over the 25 combined years of mentorship to this rural ISP. > Remember that the version number you see on BIND is not always the > equivalent of upstream due to backports. You should check the relevant > RHEL errata, the package %changelog and CVE to get a better > understanding of what exploits are known and what has been patched. Johnny has remarked on the importance of trust. My trust in RedHat went down when I learned they are not shipping all the SRPMs. Some say it is due to human error. If that is the case, why should I think they are better at backporting security fixes than at making sure a manifest of SRPMs is complete and correct?