[CentOS] URGENT! Shellshock fix DOES NOT fix the bug on CentOS 5.4

Sun Sep 28 17:22:20 UTC 2014
Greg Lindahl <lindahl at pbm.com>

On Sun, Sep 28, 2014 at 01:32:38PM +0200, Leon Fauster wrote:

> It would be great to get some feedback what such cases 
> are, that let people stay on older releases?  

Upstream can change the kernel module API quite violently in minor
releases, which means that hardware products that have associated
kernel modules often are a release behind.

Certification is another source of lag. It can take a while to certify
that the test suite for a complicated product (like a commercial
database) runs successfully on a new minor release. Some vendors skip
half the minor releases (or more) to reduce cost.

A third source is companies with homegrown code deployed on CentOS
servers and poor-quality test suites. They tend to be in the "omg
never change anything unless forced at gunpoint!" camp. It's an
unfortunate situation, and it can cost a lot of money and time to fix.

Not sure that this goes in the FAQ, though!

-- greg