Re: Mandrake & CERT advisories

From: Nico Kadel-Garcia (nkadel@verizon.net)
Date: 03/05/03


From: Nico Kadel-Garcia <nkadel@verizon.net>
Date: Wed, 05 Mar 2003 13:54:15 GMT

Bill Unruh wrote:
> Vlad Tsyrklevich <root@127.0.0.1> writes:
>
> ]Because Mandrake announces it's own stuff on BugTraq? Because they never
> ]asked? Because they don't want people to see if they are vulnerable or
> ]not?
>
> Because none of us know what you are talking about??
> Mandrake is a Linux and thus suffers from the problems of linux.
> Mandrake does not use a number of programs (eg sendmail) which have had
> bugs.
>
> (PS, CERT is a US service, and Mandrake is a French company. It is
> perhaps not approached by CERT?)

It's because Mandrake does not cooperate with CERT in allowing
announcements of vulnerabilities. The distributions listed by CERT as
having vulnerabilities are almost always *voluntary*. This lends a false
air of security to Mandrake.