Re: Red Hat Network updates

From: Seth Arnold (sarnold@wirex.com)
Date: 03/04/03

  • Next message: Seth Arnold: "Re: chroot, scp and security on RedHat 8.0"
    Date: Tue, 4 Mar 2003 10:52:33 -0800
    From: Seth Arnold <sarnold@wirex.com>
    To: focus-linux <focus-linux@lists.securityfocus.com>
    
    
    

    On Fri, Feb 28, 2003 at 01:21:41PM -0800, terry white wrote:
    > given the mindset required to run linux, i tend to avoid depending on
    > a vendor for security. in addition, i think there's something to be said
    > for building and installing from source ...

    Being employed by a vendor, my opinion is necessarily a little tainted,
    but I think this is outright a horrible idea. Vendors, RedHat included,
    are frequently some of the first to learn about security problems, and
    their packaging process tends to retain security patches that sometimes
    never get worked into 'upstream' versions of software.

    (That, and they tend to have reasonable QA procedures, to test the
    software before distributing it to the world.)

    (As for the merits/demerits of individual vendors, that is probably best
    discussed in the context of their maintenance agreements..)

    -- 
    Demand voting integrity: http://verify.stanford.edu/evote.html
    
    


