Security/package update release frequency


Subject: Security/package update release frequency
From: Kevin M. Myer (kevin_myer@iu13.k12.pa.us)
Date: Tue Jul 25 2000 - 12:30:30 MDT


Hi,

I was wondering if anyone could comment on the apparent lack of
security/package updates for the Champion Server 1.2 release. The last
released update I can find was the etcskel package, dated May 7, 2000.
In the meantime, a serious bug has been exposed in the Linux kernel (all
versions <= 2.2.15), there have been theoretically exploitable NFS holes,
the ability to eavesdrop on EMACS process communication by non-privileged
users, etc. I am just wondering why Yellowdog has ceased to release
updates? Is the release and development of Gone Home more important than
the ongoing security of a distribution? Is the staff overworked and
security falls by the wayside? Are we witnessing security through
obscurity being played out, since the percentage of vulnerable x86
machines is higher than the percentage of vulnerable PPC machines, simply
because there are that many more x86 machines and shell code is a dime a
dozen for that architecture?

Just wondering - I keep checking for updates and see none and am wondering
why that is the case.

Kevin

-- 
Kevin M. Myer
Systems Administrator
Lancaster-Lebanon Intermediate Unit 13
(717)-560-6140


