You wrote:
> Thanks for the explanation. yes I do understand that critical patches needs
> to be applied for any OS. But in this case it is not a stand alone machine,
> it is a cluster suite and OS was not installed separately. I would have
> definitely upgraded the system if this was stand alone box. If I remember
> correctly, long back I was suggested not to upgrade cluster suite due to
> various reasons. Though I will check on this and see if its upgradable. If
> it is, I will try it out.
Let me put it this way: is there *anything* other than an air gap between
this system and the Internet? If not, you *NEED* to file a report with
your manager(s), and get at *least* a return receipt - a *signed* by them
piece of paper would be a lot better - stating that the failure to update
to 5.10 is, in your professional opinion a very serious security risk, and
not doing so opens the gateway wide to a major security breach, and that
you have explained this to them, and they understand the risks.
Then point them to somewhere like, say, <http://krebsonsecurity.com/> and
have them read about the Sally Beauty breach, and, scrolling down the
Target breach, and all the other breaches, and the costs to the companies
involved of those breaches.
You really do need to pound this into their heads.
mark
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
