Phishing - Linux boxes are vulnerable
Ed.Greshko at greshko.com
Fri Oct 5 01:02:43 UTC 2007
> but still done, I mean Bind comes in one package, Sendmail in one, bot
> split up into little pieces, you only have to look in the scr.rpm to see
> 99 times of out 100 there s a vendor specific patch, that does not exist
> in say sendmail-version.tar.gz or bind-version.tar.gz
> You only have to read the lsit of updates from fedora/RH and even debian
> and others on certain mailing lists to see update update update update,
> yet the original package is still the same and the authors say no they
> made changes, this is why we use slackware, and of course why many lazy
> admins detest it :)
I can't tell from what you've said above. So, I have to ask. Are you
dismissing vendor supplied patches out of hand?
I thought the reason for providing source code was for the community to be
able to examine the code and then make changes as they deem necessary.
Then, pass the changes back to the original authors who then decide if they
will include the changes in their version.
When it comes to the RHEL products one pays for support. They support their
vendor supplied changes as well as the original code. So, it isn't clear
what the objections would be.
More information about the users