openssl issue
Daniel Roesen
dr at cluenet.de
Thu Mar 18 23:50:13 UTC 2004
On Thu, Mar 18, 2004 at 05:42:53PM -0500, Luc Bouchard wrote:
> Either help out in the community effort,
There is no community effort yet. This has been all lip service until
now. I don't see any non-RH-employee having any commit rights or
access to vendor-sec in order to timely prepare and test security
updates like Debian.
Sorry, there is no community effort yet. RH is still fully in charge
and control.
I'm not complaining about this fact - I'm complaining about RH
driving a "push people to RHEL" strategy _without_ openly saying so.
I have _no_ problems if RH would just say "guys, timely security
updates only with our pay products, the rest comes deliberately
later.". At least that'd be honest.
Red Hat: can you please outline your official position regarding
security updates for Fedora Core in the future? When can we expect
future security updates to appear - at the earliest possible opportunity
(read: at the same time [coordinated vendor-sec release] or only
insignificantly later than the RHEL updates [surprise publication of
a vuln]), or delayed?
I'm not complaining - I just do want to know what to expect in order
to make sensible decisions for future system installs.
Regards,
Daniel
More information about the users
mailing list