[ale] CentOS repositories question

Jim Kinney jkinney at jimkinney.us
Mon May 11 10:12:31 EDT 2015


Or at least force a test run of the app on the latest patched setup to show functionality. Add a VM pair of CentOS 6 fully patched to show the PHB "It WORKS, putz!" and push for the app vendor to accept all responsibility (in writing!) for using outdated, known insecure base code once a fixed time has passed from RHEL patch release.

On May 11, 2015 10:05:21 AM EDT, leam hall <leamhall at gmail.com> wrote:
>Ah, I've seen those sorts of developer induced cesspools. Sorry to hear,
>pardner. What's worse is that you'll get blamed for any security event
>using an unpatched vector.
>
>Personally, I'd ensure your security manager is in the loop. They may be
>able to give you some weight in pushing for either full patching or dumping
>that software.
>
>Leam
>
>
>On Mon, May 11, 2015 at 9:53 AM, Beddingfield, Allen <allen at ua.edu> wrote:
>
>>   We have a number of vendors who require exact versions.  We have
>> several products that support exactly RHEL 6.2, down to specifying certain
>> packages that can’t be patched from the version on the original media.  We
>> run RHEL on the production server, and CentOS on the test and dev servers,
>> and keep them at the same patch level.  (Anything that doesn’t have weird
>> vendor requirements goes on SLES).  Also, we have a bureaucratic and fairly
>> rigid change control process, so upgrading to the latest release (or even
>> applying patches) to many things is a huge ordeal. - this applies to most
>> production systems that have a large user base.  Luckily, I can usually get
>> away with updating sshd and apache with only one meeting.  A “zypper up” or
>> “yum update” requires much more red tape in most cases - depending on who
>> owns the system, if it is high profile, etc…
>>   --
>> Allen Beddingfield
>> Systems Engineer
>> The University of Alabama
>>
>>
>>   From: leam hall
>> Reply-To: Atlanta Linux Enthusiasts
>> Date: Thursday, May 7, 2015 at 4:41 PM
>> To: Atlanta Linux Enthusiasts
>> Subject: Re: [ale] CentOS repositories question
>>
>>   Why would you not stay with the current?
>>
>-- 
>Mind on a Mission <http://leamhall.blogspot.com/>
>
>
