On Thu, Jan 8, 2009 at 6:33 PM, Scott Silva <ssilva@xxxxxxxxxxxx> wrote:
> on 1-8-2009 3:14 PM Warren, Eucke spake the following:
<snip>
>> I appreciate the response. If you recall I did post the link so it's a
>> safe assumption that I read the page and understood it's content. What
>> I'm after is whether there's any other information channel that might
>> not be so obvious for seeing if there might be action coming up for an
>> particular issue. Being in a highly regulated industry the legal
>> department has a tough job. I work within the guidelines they set.
>>
<snip>
>> I am restricted to 5.1 as approved by legal. 5.2 is not approved so 5.3
>> isn't an option either. Once I can sort out whether something
>> "official" will fix this I can then determine how to pursue this
>> internally. A workaround fix does not address that the kickstart-built
>> system will still contain this bug as it will be built from RPM's that
>> are not fixed.
> You might want to hint to your legal department that unpatched servers sitting
> on the internet are just waiting to be hacked and exploited.
> The fact that they make you sit with an older version without any patches says
> that they have no idea how much damage can be done, or how much info can leak
> from unpatched systems.
>
> Maybe if a million customer records leak out because they won't let you patch
> systems they might update their thinking.
Well said Scott. They are in the gambling business and I fully support
what the Nevada Gaming Commission (or those in other states) does.
However, I cannot imagine they want Software that has been updated for
Security or Stability reasons not to be updated.
<http://www.wms.com/aboutwms.php> Lanny
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
