<html><head></head><body>Or at least force test run of the app on latest patched setup to show functionality. Add a vm pair of centos 6 fully patched to show the PHB "It WORKS, putz!" and push for app vendor to accept all responsibility (in writing!) for using outdated, known insecure base code once a fixed time has past from RHEL patch release.<br><br><div class="gmail_quote">On May 11, 2015 10:05:21 AM EDT, leam hall <leamhall@gmail.com> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div dir="ltr"><div><div>Ah, I've seen those sorts of developer induced cesspools. Sorry to hear, pardner. What's worse is that you'll get blamed for any security event using an unpatched vector. <br /><br /></div>Personally, I'd ensure your security manager is in the loop. They may be able to give you some weight in pushing for either full patching or dumping that software. <br /><br /></div>Leam<br /><br /><div><div><div class="gmail_extra"><br /><div class="gmail_quote">On Mon, May 11, 2015 at 9:53 AM, Beddingfield, Allen <span dir="ltr"><<a href="mailto:allen@ua.edu" target="_blank">allen@ua.edu</a>></span> wrote:<br /><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">
<div>
<div>
<div>We have a number of vendors who require exact versions. We have several products that support exactly RHEL 6.2, down to specifying certain packages that can’t be patched from the version on the original media. We run RHEL on the production server, and
CentOS on the test and dev servers, and keep them at the same patch level. (Anything that doesn’t have weird vendor requirements goes on SLES). Also, we have a bureaucratic and fairly rigid change control process, so upgrading to the latest release (or even
applying patches) to many things is a huge ordeal. - this applies to most production systems that have a large user base. Luckily, I can usually get away with updating sshd and apache with only one meeting. A “zypper up” or “yum update” requires much more
red tape in most cases - depending on who owns the system, if it is high profile, etc…</div>
<div>
<div>
<div>
<div>--</div>
<div>Allen Beddingfield</div>
<div>Systems Engineer</div>
<div>The University of Alabama</div>
</div>
<div><br />
</div>
</div>
</div>
</div>
</div>
<div><br />
</div>
<span>
<div style="font-family:Calibri;font-size:12pt;text-align:left;color:black;BORDER-BOTTOM:medium none;BORDER-LEFT:medium none;PADDING-BOTTOM:0in;PADDING-LEFT:0in;PADDING-RIGHT:0in;BORDER-TOP:#b5c4df 1pt solid;BORDER-RIGHT:medium none;PADDING-TOP:3pt">
<span style="font-weight:bold">From: </span>leam hall<br />
<span style="font-weight:bold">Reply-To: </span>Atlanta Linux Enthusiasts<br />
<span style="font-weight:bold">Date: </span>Thursday, May 7, 2015 at 4:41 PM<br />
<span style="font-weight:bold">To: </span>Atlanta Linux Enthusiasts<br />
<span style="font-weight:bold">Subject: </span>Re: [ale] CentOS repositories question<br />
</div>
<div><br />
</div>
<div>
<div>
<p dir="ltr">Why would you not stay with the current?</p></div></div></span></div></blockquote></div>-- <br /><div class="gmail_signature"><div><a href="http://leamhall.blogspot.com/" target="_blank">Mind on a Mission</a></div></div>
</div></div></div></div>
<p style="margin-top: 2.5em; margin-bottom: 1em; border-bottom: 1px solid #000"></p><pre class="k9mail"><hr /><br />Ale mailing list<br />Ale@ale.org<br /><a href="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</a><br />See JOBS, ANNOUNCE and SCHOOLS lists at<br /><a href="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</a><br /></pre></blockquote></div><br>
-- <br>
Sent from my Android device with K-9 Mail. Please excuse my brevity.</body></html>