[ale] CentOS repositories question

dev null zero two dev.null.02 at gmail.com
Mon May 11 10:24:52 EDT 2015


*cough* Websense *cough* does this. always ~9 months behind in RHEL /
CentOS patch support. not only will it not technically work, having too
high of an OS version breaks your support contract too.

On Mon, May 11, 2015 at 10:12 AM, Jim Kinney <jkinney at jimkinney.us> wrote:

> Or at least force test run of the app on latest patched setup to show
> functionality. Add a vm pair of centos 6 fully patched to show the PHB "It
> WORKS, putz!" and push for app vendor to accept all responsibility (in
> writing!) for using outdated, known insecure base code once a fixed time
> has passed from RHEL patch release.
>
> On May 11, 2015 10:05:21 AM EDT, leam hall <leamhall at gmail.com> wrote:
>
>> Ah, I've seen those sorts of developer-induced cesspools. Sorry to hear,
>> pardner. What's worse is that you'll get blamed for any security event
>> using an unpatched vector.
>>
>> Personally, I'd ensure your security manager is in the loop. They may be
>> able to give you some weight in pushing for either full patching or dumping
>> that software.
>>
>> Leam
>>
>>
>> On Mon, May 11, 2015 at 9:53 AM, Beddingfield, Allen <allen at ua.edu>
>> wrote:
>>
>>>   We have a number of vendors who require exact versions.  We have
>>> several products that support exactly RHEL 6.2, down to specifying certain
>>> packages that can't be patched from the version on the original media.  We
>>> run RHEL on the production server, and CentOS on the test and dev servers,
>>> and keep them at the same patch level.  (Anything that doesn't have weird
>>> vendor requirements goes on SLES).  Also, we have a bureaucratic and fairly
>>> rigid change control process, so upgrading to the latest release (or even
>>> applying patches) to many things is a huge ordeal - this applies to most
>>> production systems that have a large user base.  Luckily, I can usually get
>>> away with updating sshd and apache with only one meeting.  A "zypper up" or
>>> "yum update" requires much more red tape in most cases - depending on who
>>> owns the system, if it is high profile, etc...
>>>   --
>>> Allen Beddingfield
>>> Systems Engineer
>>> The University of Alabama
>>>
>>>
>>>   From: leam hall
>>> Reply-To: Atlanta Linux Enthusiasts
>>> Date: Thursday, May 7, 2015 at 4:41 PM
>>> To: Atlanta Linux Enthusiasts
>>> Subject: Re: [ale] CentOS repositories question
>>>
>>>   Why would you not stay with the current?
>>>
>> --
>> Mind on a Mission <http://leamhall.blogspot.com/>
>>
>> ------------------------------
>>
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>