Re: New sendmail and missing /usr/lib/sendmail

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 2006-03-25 at 10:24 -0500, David Eisner wrote:
> 
> Other distros had advance warning about this vulnerability, and hence 
> more time to apply patches and do testing.  Is there a way Fedora Legacy 
> could be added to the list of vendors that are notified in this type of 
> situation?
> 
> Who decides whom to notify in advance. Sendmail, Inc.? I imagine they 
> want vendors to keep the information under wraps until the official 
> announcement is made. (I could be wrong.)  How would this work with 
> Fedora Legacy?  Is it possible?
> 

This one was pushed by CERT, and they have individual agreements with
various vendors.  Fedora Legacy isn't one of those vendors.  However
after speaking with Red Hat security team, it turns out that CERT drives
an issue like this once a year or so, very low volume.  The majority of
other issues are vetted through vendor-sec, which we are a part of.  We
are moving to a point in which we can prepare updates prior to the issue
being public.  Our new build software was a huge step, so look for
faster response times in the future.

-- 
Jesse Keating RHCE      (geek.j2solutions.net)
Fedora Legacy Team      (www.fedoralegacy.org)
GPG Public Key          (geek.j2solutions.net/jkeating.j2solutions.pub)

Attachment: signature.asc
Description: This is a digitally signed message part

--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list

[Index of Archives]     [Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Yosemite Questions]

  Powered by Linux