Re: Mandrake & CERT advisories

From: Nico Kadel-Garcia (
Date: 03/05/03

From: Nico Kadel-Garcia <>
Date: Wed, 05 Mar 2003 13:54:15 GMT

Bill Unruh wrote:
> Vlad Tsyrklevich <root@> writes:
> ]Because Mandrake announces it's own stuff on BugTraq? Because they never
> ]asked? Because they don't want people to see if they are vulnerable or
> ]not?
> Because none of us know what you are talking about??
> Mandrake is a Linux and thus suffers from the problems of linux.
> Mandrake does not use a number of programs (eg sendmail) which have had
> bugs.
> (PS, CERT is a US service, and Mandrake is a French company. It is
> perhaps not approached by CERT?)

It's because Mandrake does not cooperate with CERT in allowing
announcements of vulnerabilities. The distributions listed by CERT as
having vulnerabilities are almost always *voluntary*. This lends a false
air of security to Mandrake.