LinuxSA Mailing list archives

  From: Michael T Pope <michael.pope@dsto.defence.gov.au>
  To  : <linuxsa@linuxsa.org.au>
  Date: 31 Jan 2001 10:59:25 +1030

Re: apparent vulnerability of [Redhat] linux 6.2

David Lloyd <lloy0076@rebel.net.au> writes:

> Alan!
> 
> > It seems to me that there have been a lot of reports of
> > the vulnerability of Redhat 6.2 in the last few months.
> > Is that so? Is it particularly weak?
> 
> I don't believe any distribution of Linux is inherently weak.

Well, I would argue that some are demonstrably better at providing
updates for emerging security problems.  IMHO all the major commercial
distributions do a `reasonable' job, and there is little to choose
between them.  However, Debian are often front runners for lowest
turnaround from bug announcement to bug fix.

In particular, I do not think that RedHat 6.2 was security-weak (opinion).
It was however, (fact) very popular.  That is where the reporting rate
is driven from.

But... as others have noted, actually applying the bug fixes is
critical.  So, all you fellow RedHat users out there, what is your
excuse for not checking the AARNet mirror of /redhat-updates every
day?  Too much work?  Then why have you not configured autorpm to do
the bulk of it for you?  The sad fact that the Ramen worm is out there
and causing damage should be an unsubtle reminder to lift your game.

Cheers,
Mike Pope
-- 
michael.pope@dsto.defence.gov.au

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject