On Jan 8, 2009, at 6:35 PM, "Warren, Eucke" <EWarren@xxxxxxx> wrote:
> Lanny Marcus Wrote:
>> Does that mean that your Legal Department does not permit you to
> upgrade your box, to get the latest packages,
>> issued for Security & Stability reasons? 5.1, as you are well aware,
> is not the latest and greatest.
>
> That is correct. What they approve is based on the contents of the
> DVD
> or CD for a particular version at the time of initial release. The
> governmental regulatory framework in which we work is what drives the
> requirements. I am well aware that 5.1 is not the latest, greatest,
> current or anything else of that matter.
Is your legal group aware that your company/agency has opened itself
up to the risks of litigation in the event any customer or emloyee
information is stolen due to negligent security practices?
Failure to apply the provided security patches for an OS is considered
negligent.
This applies to internal security breaches as well as external.
I seriously doubt your legal group understands the regulatory issues
properly.
-Ross
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
