Full Disclosure mailing list archives
Re: [inbox] Re: RE: Linux (in)security
From: Ron DuFresne <dufresne () winternet com>
Date: Fri, 24 Oct 2003 09:52:24 -0500 (CDT)
On Thu, 23 Oct 2003, William Warren wrote:
This is an IBM problem not a Redhat and/or Linux problem.
No, red-hat problem really. IBM does the backend contract for support, be the dist Suse or red-hat. Red-hat holds the responsibility for maintaining the RPM's. Now, if the RPM's are not kept up to date, and red-hat does not properly keep IBM clued as to how 'fresh' their RPM's are, it falls into red-hat's hands. If Suse were to do the same <maybe they do, maybe they are better prepared for their push into the IBM mainframe world?> then they would be suffering the same problems to their prospective customers as well. Look at any of the past red-hat advisories and their corresponding platforms and fixup RPM's to address the issues; note that the s390 platform is *not* represented. This puts the onus of determining how fit and up-to-date the red-hat RPM's are for this platform solely upon the customer. As I said, red-hat was unprepared for this push having devoted little if any resources to its maintenance schema. Their focus having been the i386/ia64/ppc platforms. Is this changing? We'll see as they rollout red-hat's version 9.0 for the s390 platform and how they commit to their backend support schema.

Thanks,

Ron DuFresne
Ron DuFresne wrote:

[SNIP]

red-hat pushes out the product, which IBM is the back channel support for. I ask in the very first meeting with the red-hat sales-lizard; Umm, there was a vuln released today that affects the kernel, I see red-hat addressed this on the i386 and ia64 as well as the ppc platforms, has it been addressed on the s390, or can you just plain tell me we are not vuln? To which the red-hat-lizard was clueless to the whole concept. And it took 4-5 months for IBM to get from red-hat their 'updates' page for s390 rpm's all of which were older than known issues/exploits. Turns out IBM claims to have been unaware that even though red-hat is charging for the platform enterprise release, they have not devoted any backend resources to keeping it current. Tells me that also, IBM could not have conducted an audit on what is mont maintained, let alone what was released. And points to the fact that even though it's possible to play linux on the IBM platforms, it's not really ready for prime time.

Thanks,

Ron DuFresne

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

--
May God Bless you and everything you touch.

My "foundation" verse: Isaiah 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD.