[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sendmail update



Jef Spaleta wrote:

> On Fri, 2003-03-07 at 09:20, Rick Emery wrote:
> > Quoting Chris Chabot <chabotc@xs4all.nl>:
> >
> > > So your seriously claiming that you think 'untested' or 'unpatched'
> > > packages could be included in rh8.1 ?!
>
> > P.S. I think it's great that you compiled the errata into a package; it will
> > prevent vulnerable beta machines. But installing this beta tests your package,
> > not Red Hat's. Which is fine, if they include your package in the final release.
>
> Which is REALLY funny to me since chabotc was on the "running any
> Rawhide packages means yer not beta testing" side of previous arguments.
> Seems a horribly inconsistant point of view to me. To sum up chabotc
> mental state expressed recently on this list:
>
> Don't run rawhide packages, even when redhat developers ask you to test
> them becuase they hopefully contain a fix...but please run the binary
> packages I rolled up for you (And didn't bother signing with a GPG key
> either).
>
> chabotc has confused the crap out of me, with mixed messages, like a
> drunk girl a frat party passed out with her head in my lap. I for one
> don't think its so great the chabotc has rolled up
> packages...considering the previous disdain chabotc has shown for
> running rawhide packages, as part of the beta process. I have to
> question chabotc's motivations...and I don't see why any of us should
> explicitly trust chabotc packages...especially unsigned packages.
>
> -jef"aim for consistancy, if being clever is just too hard"spaleta
>

I opted to get the program from Psyche, since it was newer.

I wasn't successful when trying the openssl program version from RH8. It was older,
but included the bug fix.
I thought, what the heck, I'll try the older version through a force, nodeps
situation.
Anyway, up2date, lynx and a host of other programs failed to work with the older
program version.
fortunately, I had the disc burned on the better working burner action for RH7.3 to
pull the phoebe3 version off of and was able to upgrade to the proper and probably
vulnerable version from the disc.

I don't totally suspect the programs compiled from outsiders, but I am more wary of
them ,than I would be for programs versions released by redhat.

I haven't patched any programs before. But how difficult is it to patch the source
with the security update, then compile and package the rpm for use? Are the patches
pretty much program version independent?

Jim

>
>   ------------------------------------------------------------------------
>                        Name: signature.asc
>    signature.asc       Type: application/pgp-signature
>                 Description: This is a digitally signed message part

--
Air Force Inertia Axiom:
        Consistency is always easier to defend than correctness.





-- 
Phoebe-list mailing list
Phoebe-list@redhat.com
https://listman.redhat.com/mailman/listinfo/phoebe-list

[Home]     [Kernel List]     [Red Hat Install]     [Red Hat Watch List]     [DVD Store]     [Red Hat Development]     [Gimp]     [Yosemite News]

Powered by Linux