| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: jlevitsk at joshie.com (Joshua Levitsky) Subject: Fw: Red Hat Linux end-of-life update and transition planning ----- Original Message ----- From: "Michael Gale" <michael@...esuperman.com> Sent: Monday, November 03, 2003 11:51 PM Subject: Re: [Full-Disclosure] Fw: Red Hat Linux end-of-life update and transition planning > So you are saying you trust up2date to take care of all your machine updates ? That is like saying you trust Microsoft auto update to handle your servers. What happens when they release a bad patch ? or one that hoses your machine. That's why Red Hat network has an interface where you pick what updates get deployed to each machine or to each group of machines. You authorize / schedule a patch on up2date and it will grab it. Alternatively you can run up2date --update on your boxes if you just want to fetch everything if you know all existing patches are good for your environment. > This way I can test and packages before they get installed and I KNOW THE SOURCE of the packages. There is no "ops .. RedHat servers have been hacked and I just installed ...". up2date uses GPG signatures to ensure the content is signed by Red Hat. Are you saying they would hack the up2date servers and compromise the private key?
Powered by blists - more mailing lists