[CentOS] gnutls bug

Thu Mar 6 16:02:45 UTC 2014
Les Mikesell <lesmikesell at gmail.com>

On Thu, Mar 6, 2014 at 12:57 AM, Cliff Pratt <enkiduonthenet at gmail.com> wrote:
> I have some sympathy for Michael. There are organisations which are so
> paranoid that they will not allow updates between eg 6.4 and 6.5, either
> because they insist on rigorous (ie lengthy and time consuming) regression
> testing of applications or because a third party package vendor specifies a
> particular level of OS for their product (I can think of at least two).
>
> Who has not been caught in the "not supported here" trap? You install a
> package from the OS supplier, and have an issue with it. You go to the
> forum for the package and get the response "upgrade to the latest release",
> but the OS supplier will not support the OS if you upgrade the package to
> the latest release!

A strict requirement based on arbitrary version numbers may be
foolish, but a requirement for thorough testing before any change to a
production environment is not - even though the changes that happen
through the minor releases of an 'enterprise' OS have already been
vetted for changes to existing APIs.  However, you really have to
assume that whatever you are running has security flaws and you have
to be prepared to roll out the fixes as soon as possible after they
are released since at that point the vulnerabilities will be well
known.  So, you need a fairly agile testing/deployment process to
match your policy and keep it from doing more harm than good.

-- 
   Les Mikesell
    lesmikesell at gmail.com