On 12/28/2011 01:44 AM, Bennett Haselton wrote:
> On Tue, Dec 27, 2011 at 10:08 PM, Ken godee <ken@xxxxxxxxxxxxxxxxx> wrote:
>
>>> password"? That's what I'm talking about -- how often does this sort of
>>> thing happen, where you need to be subscribed to be a security mailing list
>>> in order to know what workaround to make to stay safe, as opposed to simply
>>> running yum-updatesd to install latest patches automatically.
>>
>> Happens all the time!
>
> Really? An exploit is released in the wild, and there's a lag of several
> days before a patch is available through updates -- "all the time"? How
> often? Every week?
>
> Since Gilbert and "supergiantpotato" seemed to be saying the opposite (that
> unpatched OS- and web-server-level exploits were pretty rare), what data
> were you relying on when you said that it "happens all the time"?
>
>> Count on it! If running any server available to
>> the public there is no "set and forget" if you're responsible for that
>> server you best stay informed/subscribed and ready to take action be it
>> a work around, update or whatever.

This website deals specifically with RHEL and security metrics:

http://www.awe.com/mark/blog/tags/metrics

CentOS will usually release security updates within 24 hours of upstream during normal security updates and within 2 weeks on a "Point Release" (a point release is a move from 5.6 to 5.7 or 6.1 to 6.2, etc.).

If you need faster updates than CentOS can provide, then RHEL is the logical alternative.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos