[WBEL-devel] whitebox - security updates and mirror question

Jamey Fletcher jamey@odin.library.beau.org
Fri, 19 Mar 2004 14:53:33 -0600 (CST)


On Fri, 19 Mar 2004, William Hooper wrote:

> Paulo Matos said:

> > 	I have to convince my boss that those updates are guaranteed by
> > whitebox as soon as they appear on redhat...

> There are no guarantees of anything.  As the web site says "In fact, if
> you need a fully tested and supported OS you probably should go buy their
> [Red Hat's] box set."

> That said, John has been very good about getting updates out.

As it happens, John is currently away at a Library-related convention.  
However, he has high-speed internet in his hotel room; there's a fair 
chance a package could show up tonight.

However, one guarantee you have for White Box is that the RedHat *source* 
RPMs are freely available, and any WhiteBox installation with the build 
chain installed *should* be able to rebuild the RH source package - the 
advantage of John doing it is that it goes to the mirrors, and up2date 
knows about it.

However, like any other security threat, each threat must be evaluated in 
terms of *your* system, and your reaction should match - should you look 
at the Security Alert and dive into the code yourself to fix it *NOW*, or 
wait for the project managers to issue a fix, and build it into a package, 
or wait for your distro vendor to release a package?  Can you live with 
that service running, or do you need to shut it down *NOW* - and if you do 
shut it down, does it shut down your business?

One of these millennia, we'll have a one-size-fits-all distro - and I hope 
I never see it - because it'll be the worst thing that could possibly 
happen to Linux.

-- 
					Jamey
				      ----<--<@
				jamey@beau.lib.la.us