Re: Mandrake & CERT advisories
From: Nico Kadel-Garcia (firstname.lastname@example.org)
From: Nico Kadel-Garcia <email@example.com> Date: Wed, 05 Mar 2003 13:54:15 GMT
Bill Unruh wrote:
> Vlad Tsyrklevich <firstname.lastname@example.org> writes:
> ]Because Mandrake announces it's own stuff on BugTraq? Because they never
> ]asked? Because they don't want people to see if they are vulnerable or
> Because none of us know what you are talking about??
> Mandrake is a Linux and thus suffers from the problems of linux.
> Mandrake does not use a number of programs (eg sendmail) which have had
> (PS, CERT is a US service, and Mandrake is a French company. It is
> perhaps not approached by CERT?)
It's because Mandrake does not cooperate with CERT in allowing
announcements of vulnerabilities. The distributions listed by CERT as
having vulnerabilities are almost always *voluntary*. This lends a false
air of security to Mandrake.