Red Hat updates apache, elm, cvs, kdepim

[Christian Pearce]

I kind of see both sides of the problem.  I do agree more with Todd, but I wonder if RedHat has faced this before.  Did they release a vuln that effect RHL 9 and then mention it doesn't effect 7x and 8.0?  I think this is a tweener problem, and we don't really need to come up with anything.  IF we see it happening a lot or people are confused then lets act.  People can read the mailing ilsts if curious.  

--
Christian Pearce
http://www.commnav.com



Todd said:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Jesse Keating wrote:
> > We should write an advisory that this vul does not effect the
> > releases we support.  Thoughts on format?
> 
> Doesn't the KDE advisory make that clear enough?  Seems like there is
> already more than enough work just to keep up with the known updates.
> If there are folks insisting that the vulnerability affects KDE < 3.1
> then let them do some work to show that and then it might be worth
> looking at.
> 
> Putting out advisories that something *isn't* vulnerable seems useless
> at best and confusing at worst.  To me anyway.  It might be different
> if 8.0 had a vulnerable version and 7.x didn't.  Then noting that the
> vuln didn't affect 7.x might be good to do in the advisory for the
> updated 8.0 packages.  This case could happen with KDE packages after
> 9 goes EOL in April.
> 
> - -- 
> Todd        OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
> ======================================================================
> Hell hath no fury like a bureaucrat scorned.
>     -- Dr. Milton Friedman
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.
> 
> iD8DBQFADt8Auv+09NZUB1oRArf8AJ0Tjx5MICTWKuKMoabyGbiqAUn7XACg3aNd
> MltmvDu8hIai6PuA9cd/F+c=
> =e4mw
> -----END PGP SIGNATURE-----
> 
> 
> --
> fedora-legacy-list mailing list
> fedora-legacy-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-legacy-list
>