lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: John.Airey at rnib.org.uk (John.Airey@...b.org.uk)
Subject: Fw: Red Hat Linux end-of-life update and tr
	ansition planning

> -----Original Message-----
> From: Ron DuFresne [mailto:dufresne@...ternet.com]
> Sent: 04 November 2003 15:57
> To: Paul Tinsley
> Cc: Michael Gale; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Fw: Red Hat Linux end-of-life 
> update and
> transition planning
> 
> 
> 
> 
> Ahh, yes, but, try and determine of yhe RH rpm's are up-to-date with
> current sploits.  RH has it's own versioning system and one can find
> temselves doing a RH website crawl into the ethers...
> 
> Or, talk to John Airey <hope I spelled that correctly John> 
> about trying
> to upgrade openssl and or mod_ssl for apache.
> 
> As a few others have hinted;  RH imagines itself to be a 
> contender with
> the M$ desktop market, and even M$ in it's past anti-trust 
> suits tried to
> bolster that image...
> 
> But, the plain and simple is, many RH users founder at a commandline.
> 
> 
> Thanks,
> 
> Ron DuFresne
> 
Since Ron's thrown my name into the mix (good spelling too, I've had eerie,
eyrie, airy...) I'll throw my tuppence worth into the mix as well.

Red Hat are a commercial company who are trying to make money. There's
nothing intrinsically wrong with that. (Now extortion or anti-competitive
practices are another matter). They have decided to separate their
commercial offering from their "free" offering (I know that Red Hat 9 et al
are sold commercially, but the ISOs have been available for download for
some time).

These changes to licensing make for a lot of work for us, however we've been
running Red Hat Linux 7.2 for over two years now for next to nothing in
actual cost terms. We may go for Fedora or Enterprise Linux or even a
mixture of both. We might even change completely to another distro, though
we'd have to lose a lot of investment in Red Hat if we did. Red Hat is
making ISO images available for Fedora, so apart from the lack of Red Hat
Network support (not very well advertised I have to say) and the rapid
development, there's not a great deal of difference. However, it's going to
take some work for anyone to run anything critical on it (as you'll be
reinstalling every 7-9 months).

I notice also that Red Hat are even discounting subscriptions to Red Hat
Network to $20, even though there is nearly six months support of Red Hat 9
left. Currently registered users are getting a 50% discount on their WS and
ES offerings, so the additional per server cost can be as low as $115 per
year for the first two years. So really I think Red Hat have been quite
generous, as they have also been generous in allowing you to update more
than one server with only a single subscription. So I don't understand what
the fuss is about.

As for building mod_ssl and openssl, what Ron is referring to is me helping
out people who have stuffed their installation of Red Hat by removing the
openssl packages from post Red Hat 7.0 machines (Bad idea. Don't do it).
There's a section in the openssl FAQ now that I wrote which advises users
not to overwrite the version installed if they want to build openssl
separately. I've ignored the rants of those who insist that they can advise
people to remove it simply because I can't be bothered to argue with them. 

I include my qualifications not as a badge of merit, but to show where my
bias might lie. I also have at least one friend from university who works
for Red Hat. I would end by saying that the RHCE exam was the toughest of my
life (and that includes my driving test that I failed five times).

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@...b.org.uk 

Political correctness - a modern day tool to confuse the minds of the
unwary.

- 
DISCLAIMER: 

NOTICE: The information contained in this email and any attachments is 
confidential and may be privileged. If you are not the intended 
recipient you should not use, disclose, distribute or copy any of the 
content of it or of any attachment; you are requested to notify the 
sender immediately of your receipt of the email and then to delete it 
and any attachments from your system. 

RNIB endeavours to ensure that emails and any attachments generated by 
its staff are free from viruses or other contaminants. However, it 
cannot accept any responsibility for any  such which are transmitted.
We therefore recommend you scan all attachments. 

Please note that the statements and views expressed in this email and 
any attachments are those of the author and do not necessarily represent 
those of RNIB. 

RNIB Registered Charity Number: 226227 

Website: http://www.rnib.org.uk

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ