[ale] Redhat security updates available on RHN only ?

[Joe Bayes]

David Bronson typeth:

>I don't expect Redhat to download files to my machine at all.
>
>I installed Redhat in much the same way as I intall debian, or
>slackware, or any number of other distributions. If Redhat eliminated
>updates (free or otherwise) altogether that would be fine with me. My
>issue is this - Redhat offers and encourages users to use the up2date
>tool to keep their system current. I don't recall ever seeing an option to
>choose any mirror. 

What about the one I sent you this morning? I tried pointing it at my
local machine and it gave me a "connection refused"...which is what
I'd expect if it were trying to contact my nonexistant https
server. So it obviously does something. I bet if you pointed it at a
mirror, it would work just fine.

>I have seen many discussions regarding perl scripts or
>other tools to query rpmfind.net and other sources to get current rpms.
>The existence of these conversations lead me to the conclusion that
>mirrors are non-existant or have reduced function in some way.

I don't understand. rpmfind.net has many rpms that RedHat
doesn't. These perl scripts serve a purpose that you can't get out of
up2date, paid or otherwise. Why does the existence of these tools (or
people discussing these tools) lead you to believe that mirrors are
non-existant? 

(I have no problem understanding why volunteer mirrors which duplicate
an existing service may not exist: no demand.)

>I would also challenge your assertion that Redhat does it because they
>are nice guys. I believe Redhat does it because it is good business.

Okay, let's say that they're nice guys *and* it's good business. :)

>https://lists.dulug.duke.edu/pipermail/current-server/2002-March/000234.html

>It seems RedHat is being a little odd with the RHN. They yesterday
>admitted they won't be open sourcing the RHN server software. 

Yeah, it would be nice if they would license out the RHN server
software. But it's not like they're licensing it out closed-source
either...they're just using it in-house. 

Perhaps if somebody paid the salary for a programmer to fix it up for
public release & remove the Oracle-proprietary bits, they might
release it. Or they might not...it's not like they're squeezing us
terribly hard here, and if not licensing out their server is the best
way for them to make enough money to keep the company running, then I
don't see a problem with it. In any case, the protocol is well
documented in the rpm source, so anybody could write one if they cared
enough. 

>http://www.antipope.org/charlie/linux/shopper/161.html

>At least, up2date was a good idea until last week, when Red Hat
>announced that they're going to charge for the service, leaving users
>who rely on it for the patch-upgrade cycle swinging in the wind next
>time a worm comes calling. 

Well, since this column is dated over a year ago, and I'm still using
RHN for free, it sounds like someone reacted a little too strongly to
some announcement or other. RHN is still available for free, and you
can still service any number of machines off it for free with just a
teeny bit of script-fu.

As an aside, I would suggest that the "admin" who wrote this article
keep a little more up to date on what his co-admin is doing, and what
the vendor of his operating system is doing. For example, I have a
file in /usr/local/SOFTWARE which lists any non-rpm packages that I
have installed. If he had had this, he could have looked at the file
and known immediately that his system had been patched and was
safe. It also wouldn't hurt to read a linux mailing list or two, so he
would know about rpm's database format change *before* he really needs
it.

He did neither of these, and he got burned. He spent a couple of
hours, but learned a valuable lesson that may save him a great deal
more time in the future...not a bad deal.

--joe



--
Joe Bayes -- jbayes at spoo.mminternet.com

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.