Security updates are too slow or nonexistent
From: Nathan G. Grennan (fedora-list_at_cygnusx-1.org)
Date: 02/07/04
To: fedora-list@redhat.com
Date: Sat, 07 Feb 2004 14:46:01 -0800

The difference in speed of release of updates, or the release of the
updates at all seems to have greatly changed with time between Red Hat
Linux 9 and Fedora Core 1. This seems to be a confirmation of my fears.
If you compare the Red Hat Linux 9 errata list over the last few months
to Fedora's updates list you see delays or lack of releases for Fedora
Core 1 that were made for Red Hat Linux 9. Examples: mailman (only in
Fedora Core 1 updates testing), slocate (4 days late), mc (no update),
tcpdump (no update), and httpd (3 weeks late). The emerging policy inside
Red Hat for Fedora Core is something like be as lazy as you want to be
about security updates. The net effect seems to be many local exploits,
and remote exploits attackable for too long. You might question if this
is just a case of different packages and versions between Red Hat Linux
9 and Fedora Core 1. I did look at the Red Hat 9 errata closely for
affected versions, and compared dates. In the above cases Fedora Core 1
should be in the affected list.
There are also issues that end up isolated to Fedora Core 1, like the
current situation with gaim. There are vulnerabilities in gaim (patch
available, Debian has used it) and there is no sign of a patched rpm for
Fedora.
So Red Hat is neglecting Fedora Core 1's security. This is very
disturbing. It is made worse from my perspective by talk of community
involvement in packaging, but then almost none exists. The community
could put a lot of effort into security releases to take some of the
burden off Red Hat. Then its job would be to confirm it and release it.
At the very least it would get things into updates testing faster, and
hence make them more available.
URL about errata/updates:
https://rhn.redhat.com/errata/rh9-errata.html
http://fedoranews.org/updates/