Red Hat updates apache, elm, cvs, kdepim
Christian Pearce
pearcec at commnav.com
Wed Jan 21 20:39:25 UTC 2004
I kind of see both sides of the problem. I do agree more with Todd, but I wonder if RedHat has faced this before. Did they release a vuln that effect RHL 9 and then mention it doesn't effect 7x and 8.0? I think this is a tweener problem, and we don't really need to come up with anything. IF we see it happening a lot or people are confused then lets act. People can read the mailing ilsts if curious.
--
Christian Pearce
http://www.commnav.com
Todd said:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jesse Keating wrote:
> > We should write an advisory that this vul does not effect the
> > releases we support. Thoughts on format?
>
> Doesn't the KDE advisory make that clear enough? Seems like there is
> already more than enough work just to keep up with the known updates.
> If there are folks insisting that the vulnerability affects KDE < 3.1
> then let them do some work to show that and then it might be worth
> looking at.
>
> Putting out advisories that something *isn't* vulnerable seems useless
> at best and confusing at worst. To me anyway. It might be different
> if 8.0 had a vulnerable version and 7.x didn't. Then noting that the
> vuln didn't affect 7.x might be good to do in the advisory for the
> updated 8.0 packages. This case could happen with KDE packages after
> 9 goes EOL in April.
>
> - --
> Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
> ======================================================================
> Hell hath no fury like a bureaucrat scorned.
> -- Dr. Milton Friedman
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.
>
> iD8DBQFADt8Auv+09NZUB1oRArf8AJ0Tjx5MICTWKuKMoabyGbiqAUn7XACg3aNd
> MltmvDu8hIai6PuA9cd/F+c=
> =e4mw
> -----END PGP SIGNATURE-----
>
>
> --
> fedora-legacy-list mailing list
> fedora-legacy-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-legacy-list
>
More information about the fedora-legacy-list
mailing list