[WBEL-devel] whitebox - security updates and mirror question

Jeff Maze maillists@crescentdigital.com
Fri, 19 Mar 2004 16:39:11 -0500


But I see that OpenSSL 0.9.7d is out because of a security advisory with prior 
0.9.7x versions.  How soon do you think Red Hat will release SRPMs for 
0.9.7d?  Just was curious.

On Friday 19 March 2004 03:53 pm, Jamey Fletcher wrote:
> On Fri, 19 Mar 2004, William Hooper wrote:
> > Paulo Matos said:
> > > I have to convince my boss that those updates are guaranteed by
> > > whitebox as soon as they appear on redhat...
> >
> > There are no guarantees of anything.  As the web site says "In fact, if
> > you need a fully tested and supported OS you probably should go buy their
> > [Red Hat's] box set."
> >
> > That said, John has been very good about getting updates out.
>
> As it happens, John is currently away at a Library-related convention.
> However, he has high-speed internet in his hotel room; there's a fair
> chance a package could show up tonight.
>
> However, one guarantee you have for White Box is that the Red Hat *source*
> RPMs are freely available, and any White Box installation with the build
> chain installed *should* be able to rebuild the RH source package - the
> advantage of John doing it is that it goes to the mirrors, and up2date
> knows about it.
>
> However, like any other security threat, each threat must be evaluated in
> terms of *your* system, and your reaction should match - should you look
> at the Security Alert and dive into the code yourself to fix it *NOW*, or
> wait for the project managers to issue a fix, and build it into a package,
> or wait for your distro vendor to release a package.  Can you live with
> that service running, or do you need to shut it down *NOW* - and if you do
> shut it down, does it shut down your business?
>
> One of these millennia, we'll have a one-size-fits-all distro - and I hope
> I never see it - because it'll be the worst thing that could possibly
> happen to Linux.