What does "supported" mean for Fedora Core 1 software?

Tue Apr 13 16:38:21 UTC 2004

Thanks for the unwanted explanation about general security but if you read all 
the thread, we are talking about Fedora Core and support. 

I want to know the availability of patches in Fedora Core 1  if in the future 
someone found a vulnerability i must upgrade to Core 2 if i want to have a 
patch 

El Martes 13 Abril 2004 16:57, escribiste:
> On Tue, 2004-04-13 at 10:07, StoneBeat wrote:
> > I have a doubt,  imagine that tomorrow someone discovered that OpenSSH
> > shipped with Fedora Core 1 had a remote exploitable vulnerability.
> >
> > How would i be able to get the patch for this vulnerability ?
> >
> > would i be able to get patched using "yum update" ?
> >
> > would Redhat / Fedora  publish an Update in
> > http://fedora.redhat.com/updates/released/ ?
> >
> > El Lunes 12 Abril 2004 22:03, Bill Nottingham escribiÃ³:
> > > Christofer C. Bell (cbell at jayhawks.net) said:
> > > > What does "support" mean for Fedora Core 1 software?  I'm not trying
> > > > to sound like sour grapes, but I'm honestly curious.  I've submitted
> > > > a couple of bug reports (and submitted the fix with one of them) and
> > > > so far both have come back closed with "fixed in rawhide."
> > > >
> > > > I guess I don't know what this means, exactly.
> > >
> > > Rawhide means that it's fixed in the development tree. If this
> > > is done before FC2 is finalized, this generally means that it will be
> > > fixed in FC2.
> > >
> > > Bill
>
> In a word yes. The Linux community as a whole has had patches out faster
> than any other O.S. Also Red Hat has been prompt to post these patches
> when available. Also, just because a 'vulnerability' is found doesn't
> mean it is actually exploitable. A lot of these are problems such as
> buffer overflows or bad special character parsing.
>
> At best they allow a chance for exploitation and usually require a fair
> amount of programming skill, time, and failed attempts for a cracker,
> usually through zombies. Most crackers would move on to an easier target
> unless you are the 'specific' target.
>
> The reality of system compromises are from an internal nature S.A. my
> old employer would remove all sensitive data from hard drives, but left
> user names and passwords on the disk. Not until I took my PHLAK disk and
> went through the disk with the office manager did this change!
>
> Users are forever downloading worms, trojans, and viruses on systems.
> Uneducated users they are the greatest liability to security.
>
> If your system is updated, say monthly, and your firewall properly set
> up and maintained, the major issue becomes users.