Message-ID: <Pine.GSO.4.43.0310240945490.17348-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: [inbox] Re: RE: Linux (in)security
On Thu, 23 Oct 2003, William Warren wrote:
> This is an IBM problem not a Redhat and/or Linux problem.
>
No, red-hat problem really. IBM does the backend contract for support, be
the dist Suse or red-hat. Red-hat holds the responsibility for
maintaining the RPM's. Now, if the RPM's are not kept up to date, and
red-hat does not properly keep IBM clued as to how 'fresh' their RPM's
are, it falls into red-hat's hands. If Suse were to do the same <maybe
they do, maybe they are better prepared for their push into the IBM
mainframe world?> then they would be suffering the same problems to their
prospective customers as well. Look at any of the past red-hat advisories
and their corresponding platforms and fixup RPM's to address the
issues; note that the s390 platform is *not* represented. This puts the
onus of determining how fit and up-to-date the red-hat RPM's are for this
platform solely upon the customer. As I said, red-hat was unprepared for
this push having devoted little if any resources to its maintenance
schema. Their focus having been the i386/ia64/ppc platforms.
Is this changing? We'll see as they roll out red-hat's version 9.0 for the
s390 platform and how they commit to their backend support schema.
Thanks,
Ron DuFresne
> Ron DuFresne wrote:
> > [SNIP]
>
> > red-hat pushes out the product, which IBM is the back channel support for.
> > I ask in the very first meeting with the red-hat sales-lizard; Umm, there
> > was a vuln released today that affects the kernel, I see red-hat addressed
> > this on the i386 and ia64 as well as the ppc platforms, has it been
> > addressed on the s390, or can you just plain tell me we are not vuln? To
> > which the red-hat-lizard was clueless to the whole concept. And it took
> > 4-5 months for IBM to get from red-hat their 'updates' page for s390 rpm's
> > all of which were older than known issues/exploits. Turns out IBM claims
> > to have been unaware that even though red-hat is charging for the
> > platform enterprise release, they have not devoted any backend resources
> > to keeping it current. Tells me that also, IBM could not have conducted
> > an audit on what is mont maintained, let alone what was released.
> >
> > And points to the fact that even though it's possible to play linux on the
> > IBM platforms, it's not really ready for prime time.
> >
> > Thanks,
> >
> > Ron DuFresne
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > "Cutting the space budget really restores my faith in humanity. It
> > eliminates dreams, goals, and ideals and lets us get straight to the
> > business of hate, debauchery, and self-annihilation." -- Johnny Hart
> > ***testing, only testing, and damn good at it too!***
> >
> > OK, so you're a Ph.D. Just don't touch anything.
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
>
> --
> May God Bless you and everything you touch.
>
> My "foundation" verse:
> Isaiah 54:17 No weapon that is formed against thee shall prosper; and
> every tongue that shall rise against thee in judgment thou shalt
> condemn. This is the heritage of the servants of the LORD, and their
> righteousness is of me, saith the LORD.
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.