[ale] CentOS repositories question

Jim Kinney jim.kinney at gmail.com
Mon May 11 10:34:46 EDT 2015


Added Websense to the "never use" list.
On May 11, 2015 10:26 AM, "dev null zero two" <dev.null.02 at gmail.com> wrote:

> *cough* Websense *cough* does this. always ~9 months behind in RHEL /
> CentOS patch support. not only will it not technically work, having too
> high of an OS version breaks your support contract too.
>
> On Mon, May 11, 2015 at 10:12 AM, Jim Kinney <jkinney at jimkinney.us> wrote:
>
>> Or at least force a test run of the app on the latest patched setup to show
>> functionality. Add a VM pair of CentOS 6 fully patched to show the PHB "It
>> WORKS, putz!" and push for the app vendor to accept all responsibility (in
>> writing!) for using outdated, known insecure base code once a fixed time
>> has passed from RHEL patch release.
>>
>> On May 11, 2015 10:05:21 AM EDT, leam hall <leamhall at gmail.com> wrote:
>>
>>> Ah, I've seen those sorts of developer-induced cesspools. Sorry to hear,
>>> pardner. What's worse is that you'll get blamed for any security event
>>> using an unpatched vector.
>>>
>>> Personally, I'd ensure your security manager is in the loop. They may be
>>> able to give you some weight in pushing for either full patching or dumping
>>> that software.
>>>
>>> Leam
>>>
>>>
>>> On Mon, May 11, 2015 at 9:53 AM, Beddingfield, Allen <allen at ua.edu>
>>> wrote:
>>>
>>>>   We have a number of vendors who require exact versions.  We have
>>>> several products that support exactly RHEL 6.2, down to specifying certain
>>>> packages that can’t be patched from the version on the original media.  We
>>>> run RHEL on the production server, and CentOS on the test and dev servers,
>>>> and keep them at the same patch level.  (Anything that doesn’t have weird
>>>> vendor requirements goes on SLES).  Also, we have a bureaucratic and fairly
>>>> rigid change control process, so upgrading to the latest release (or even
>>>> applying patches) to many things is a huge ordeal.  This applies to most
>>>> production systems that have a large user base.  Luckily, I can usually get
>>>> away with updating sshd and apache with only one meeting.  A “zypper up” or
>>>> “yum update” requires much more red tape in most cases - depending on who
>>>> owns the system, if it is high profile, etc…
>>>>   --
>>>> Allen Beddingfield
>>>> Systems Engineer
>>>> The University of Alabama
>>>>
>>>>
>>>>   From: leam hall
>>>> Reply-To: Atlanta Linux Enthusiasts
>>>> Date: Thursday, May 7, 2015 at 4:41 PM
>>>> To: Atlanta Linux Enthusiasts
>>>> Subject: Re: [ale] CentOS repositories question
>>>>
>>>>   Why would you not stay with the current?
>>>>
>>> --
>>> Mind on a Mission <http://leamhall.blogspot.com/>
>>>
>>> ------------------------------
>>>
>>> Ale mailing list
>>> Ale at ale.org
>>> http://mail.ale.org/mailman/listinfo/ale
>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>> http://mail.ale.org/mailman/listinfo
>>>
>>>
>> --
>> Sent from my Android device with K-9 Mail. Please excuse my brevity.