Yes, we were right (about OpenSSL).  And we were right about it for a long
time now.  I'm surprised that you didn't figure this out by yourself (or at
least read it somewhere).  If you followed ANY of the posts over the past
couple days you would see that we proved this time and again!

"rpm -q --changelog openssl"   <- do I need to explain this command to you?

Next time before jumping to conclusions over things that you know little
about, take some time to see if anyone else posted similar.

And note that this list is for RedHat users/admins/developers.  Please keep
your "Ra-Ra" BSD-related quotations to yourself.  It's too early in the
morning to deal with anti-RedHat/anti-RPM comments like this!


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of James Wilson
Sent: Friday, September 20, 2002 9:29 AM
To: [EMAIL PROTECTED]
Subject: RE: You may still be vulnerable to the Slapper Worm


It looks like you were right, guys, the rpm tool once again has failed to do
anything useful and once I upgraded from src it's closed the vulnerability.
I'd apologise for the misinformation, but it seems that you enjoyed the
chance for righteous flaming.

Jam

www.freebsd.org

Ironic, isn't it, that the less popular an OS is, the better the pkg management
is.
Windows is famed for its erratic and late patching.
Redhat's RPM tool is a joke that failed to be funny 3 years ago.
Debian is getting there slowly with apt-get.
And FreeBSD allows you to patch OpenSSL from src in under 3 minutes.



-----Original Message-----
From: Edward Wildgoose [mailto:[EMAIL PROTECTED]]
Sent: 20 September 2002 15:00
To: [EMAIL PROTECTED]
Subject: RE: You may still be vulnerable to the Slapper Worm


> What Red Hat has done is issue patches before the vulnerabilities are
> exploited.  They don't wait until the customer is screwed before getting
> around to fixing the bugs.  Some vendors (a large Redmond-based software
> company comes to mind) play Russian roulette and wait until the exploits
> are out there, and then fix the bugs. The customer loses.

Actually this is also standard practice for AV software companies as well. I
have had arguments with tech support at Norton and McAfee about "low" risk
viruses and why they are not scanned for yet.  The answer is always that
they can't afford to have the scanner slow down, so they only add it to the
definitions once it is officially "in the wild".

You can see this if you watch the web-site alerts from some of the big
names.  They do stuff like issuing dates when first detected, what the
current "threat rating" is, and also when the defs were available from.
Usually the defs are only updated well after the virus is detected and only
once there is an "outbreak".

You can understand the logic, but it is a little bit backwards in a way...

Anyway, sorry for the OT

Ed W



--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list


