On Fri, 28 Jul 2006, Dan Noe wrote:

> If that isn't acceptable to you, you should seriously consider using a
> commercial distribution where people *are* paid to fix security bugs.

I second that opinion. Personally, I'm quite grateful for all of the hard work all of the Gentoo developers put in, and would like to take this opportunity to point that out explicitly.

This vulnerability was only announced yesterday, and given that there are probably no visible changes between 1.5.0.4 and 1.5.0.5 other than internal bug fixes, a temporary workaround would probably be as simple as copying the ebuild to your local overlay directory and changing the version number.

Having spent the last month trying to put together a reasonably minimalistic install of Red Hat Enterprise Linux for an Oracle project, let me tell you that while they might fix bugs quickly, working with it is a pain in the ass, particularly compared to the simplicity and flexibility that is Gentoo. (you have to love wanting to install package A, which has a dependency on package B you don't even care about, but can't get rid of, and that dependency cascades into a dozen more packages you want nothing to do with that have to install just to get package A <sigh>...)

--
Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst | [EMAIL PROTECTED]
California State Polytechnic University | Pomona CA 91768
--
gentoo-security@gentoo.org mailing list