Full Disclosure mailing list archives

RE: [inbox] Re: RE: Linux (in)security


From: Ron DuFresne <dufresne () winternet com>
Date: Thu, 23 Oct 2003 16:04:44 -0500 (CDT)


        [SNIP]


First, people can actually audit it for security (you think IBM
recommended Linux without going over every single line of code?)

Yes.



To support this, take red-hat on the s390 platform;

red-hat pushes out the product, which IBM is the back channel support for.
I ask in the very first meeting with the red-hat sales-lizard;  Umm, there
was a vuln released today that affects the kernel, I see red-hat addressed
this on the i386 and ia64 as well as the ppc platforms, has it been
addressed on the s390, or can you just plain tell me we are not vuln?  To
which the red-hat-lizard was clueless to the whole concept.  And it took
4-5 months for IBM to get from red-hat their 'updates' page for s390 rpm's
all of which were older than known issues/exploits.  Turns out IBM claims
to have been unaware that even though red-hat is charging for the
platform enterprise release, they have not devoted any backend resources
to keeping it current.  Tells me that also, IBM could not have conducted
an audit on what is not maintained, let alone what was released.

And points to the fact that even though it's possible to play linux on the
IBM platforms, it's not really ready for prime time.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

