Thanks for all the thoughtful responses. I have learned a couple of things.

On Thu, Mar 6, 2014 at 7:26 AM, Leon Fauster <leonfauster at googlemail.com> wrote:

> On 06.03.2014 at 01:00, Michael Coffman <michael.coffman at avagotech.com> wrote:
> > On Wed, Mar 5, 2014 at 4:44 PM, John R Pierce <pierce at hogranch.com> wrote:
> >
> >> On 3/5/2014 3:36 PM, Michael Coffman wrote:
> >>> Not sure what your environment looks like but the systems I manage are
> >>> locked down and it's typically difficult to get them changed. We have
> >>> hundreds of systems (desktop, server and HPC systems) that are all the
> >>> same rev with all the same packages. A large number of vendor packages
> >>> and internally developed packages have to be re-qualified every time
> >>> anything is changed. So we don't change them often.
> >>
> >> so you're a year behind on any security fixes.... why are you worried
> >> about this one, then?
> >>
> >
> > This seems like it has more potential to impact users in my environment
> > that are using a web browser to access sites outside our firewall. It
> > seemed like a reasonable question to me as it looked like it might be easily
> > updated. I did not realize that once the OS was vaulted, there were no
> > more updates. Now I know so thanks...
>
> The OS is not vaulted. I suggest to rethink the mental model of the OS
> point releases.
>
> IMHO the above mentioned policy brings less security into the organization
> than it tries to suggest and do not forget that the most attacks came from
> internal.
>
> There are more fixes to worry about
>
> https://rhn.redhat.com/errata/rhel-server-6-errata.html
>
> --
> LF

--
-MichaelC