On Fri, 2002-12-13 at 10:19, [EMAIL PROTECTED] wrote: > > Matthew's note did bring something to my attention that I didn't realize. > Chuck's response below which included the links to the errata pages was > interesting in that I see the RH 7.3 Apache update is dated 11-25 on the > page. I seldom visit this page unless it's for a special reason as I tend to > use the up2date mechanism. On Dec 7th I ran up2date and was notified that > there were updates including both the Samba and Xinetd fixes (which bracket > the Apache entry on the errata page). Today I ran up2date and was advised > the Apache update was available. > > Clearly there is some delay between the errata page and the up2date mechanism.
Actually, the errata you were offered "today" were new. There is not yet an entry in the errata list for the packages you were offered. Up2date will always have the latest errata when they're released. > I can rationalize the delay as part of the RH strategy to manage traffic but > since the security of my machines are my responsibility, not RH's, I guess > I'll be visiting the errata page more often. I do admit that I, like > Matthew, resort to the source tarball if I feel "naked" and his mention of > the OpenSSL 3.1p1 vulnerability is one where I've gone that route. Without cause, too. Review the errata page. The fix was backported. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
