Open Source and information security mailing list archives
 
From: dufresne at winternet.com (Ron DuFresne)
Subject: [inbox] Re: RE: Linux (in)security

On Thu, 23 Oct 2003, William Warren wrote:

> This is an IBM problem not a Redhat and/or Linux problem.
>

No, red-hat problem really.  IBM does the backend contract for support, be
the dist Suse or red-hat.  Red-hat holds the responsibility for
maintaining the RPM's.  Now, if the RPM's are not kept up to date, and
red-hat does not properly keep IBM clued as to how 'fresh' their RPM's
are, it falls into red-hat's hands.  If Suse were to do the same <maybe
they do, maybe they are better prepared for their push into the IBM
mainframe world?> then they would be suffering the same problems to their
prospective customers as well.  Look at any of the past red-hat advisories
and their corresponding platforms and fixup RPM's to address the
issues; note that the s390 platform is *not* represented.  This puts the
onus of determining how fit and up-to-date the red-hat RPM's are for this
platform solely upon the customer.  As I said, red-hat was unprepared for
this push having devoted little if any resources to its maintenance
schema.  Their focus having been the i386/ia64/ppc platforms.

Is this changing?  We'll see as they rollout red-hat's version 9.0 for the
s390 platform and how they commit to their backend support schema.

Thanks,

Ron DuFresne


> Ron DuFresne wrote:
> > 	[SNIP]
>
> > red-hat pushes out the product, which IBM is the back channel support for.
> > I ask in the very first meeting with the red-hat sales-lizard;  Umm, there
> > was a vuln released today that affects the kernel, I see red-hat addressed
> > this on the i386 and ia64 as well as the ppc platforms, has it been
> > addressed on the s390, or can you just plain tell me we are not vuln?  To
> > which the red-hat-lizard was clueless to the whole concept.  And it took
> > 4-5 months for IBM to get from red-hat their 'updates' page for s390 rpm's
> > all of which were older than known issues/exploits.  Turns out IBM claims
> > to have been unaware that even though red-hat is charging for the
> > platform enterprise release, they have not devoted any backend resources
> > to keeping it current.  Tells me that also, IBM could not have conducted
> > an audit on what is mont maintained, let alone what was released.
> >
> > And points to the fact that even though it's possible to play linux on the
> > IBM platforms, it's not really ready for prime time.
> >
> > Thanks,
> >
> > Ron DuFresne
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > "Cutting the space budget really restores my faith in humanity.  It
> > eliminates dreams, goals, and ideals and lets us get straight to the
> > business of hate, debauchery, and self-annihilation." -- Johnny Hart
> > 	***testing, only testing, and damn good at it too!***
> >
> > OK, so you're a Ph.D.  Just don't touch anything.
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
>
> --
> May God Bless you and everything you touch.
>
> My "foundation" verse:
> Isaiah 54:17 No weapon that is formed against thee shall prosper; and
> every tongue that shall rise against thee in judgment thou shalt
> condemn. This is the heritage of the servants of the LORD, and their
> righteousness is of me, saith the LORD.
>
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

