On Thu, Nov 08, 2007 at 07:36:24PM +0100, Simon Matter wrote: > It may not be worth for you to worry about it but it is worth for me and > maybe also for Ken. People using my RPMs expect things to work. And people > do use it on affected systems and they fill my mailbox or the list with > complaints if Cyrus segfaults for them. People using RPMs can just install the security updates just as easily as a new Cyrus RPM. The Red Hat advisory said a patch is available even for Red Hat 7.1; are you still actively maintaining packages for Red Hat 6.x? And what is better? Hiding the problem under the carpet, or saying "See, you have a security bug that is known for 4 years. If you have a bug that old you probably have lots of other unfixed security bugs as well. Go fix your system!". If you do care about the users, you should educate them to always install security updates. Gabor -- --------------------------------------------------------- MTA SZTAKI Computer and Automation Research Institute Hungarian Academy of Sciences --------------------------------------------------------- ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html