On 01/25/2013 12:12 AM, Lennart Poettering wrote:
So, you can ignore all of that, but then you have to think about what
you actually accomplished by your upgrade? You updated a couple of
libraries, and maybe managed to restart a few processes using them, but
for the rest of them the vulnerable openssl version is still in memory,
still actively used, even though your update script exited successfully
leaving the user under the impression that all was good now and that
after he made this upgrade his machine was not vulnerable anymore.
And how this differ from
yum upgrade
which I'm doing every day/week?
Lets pretend I'm still running Fedora 16 and every day I do yum-upgrade
and not rebooted from day zero.
I have exactly the same problem as during yum upgrade to next Fedora
release.
So we are ignoring this behaviour in middle of release, but it is very
serious problem between releases?
--
Miroslav Suchy
Red Hat Systems Management Engineering
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
