On Thu, Jan 8, 2009 at 6:33 PM, Scott Silva <ssilva@xxxxxxxxxxxx> wrote: > on 1-8-2009 3:14 PM Warren, Eucke spake the following: <snip> >> I appreciate the response. If you recall I did post the link so it's a >> safe assumption that I read the page and understood it's content. What >> I'm after is whether there's any other information channel that might >> not be so obvious for seeing if there might be action coming up for an >> particular issue. Being in a highly regulated industry the legal >> department has a tough job. I work within the guidelines they set. >> <snip> >> I am restricted to 5.1 as approved by legal. 5.2 is not approved so 5.3 >> isn't an option either. Once I can sort out whether something >> "official" will fix this I can then determine how to pursue this >> internally. A workaround fix does not address that the kickstart-built >> system will still contain this bug as it will be built from RPM's that >> are not fixed. > You might want to hint to your legal department that unpatched servers sitting > on the internet are just waiting to be hacked and exploited. > The fact that they make you sit with an older version without any patches says > that they have no idea how much damage can be done, or how much info can leak > from unpatched systems. > > Maybe if a million customer records leak out because they won't let you patch > systems they might update their thinking. Well said Scott. They are in the gambling business and I fully support what the Nevada Gaming Commission (or those in other states) does. However, I cannot imagine they want Software that has been updated for Security or Stability reasons not to be updated. <http://www.wms.com/aboutwms.php> Lanny _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos