Thanks for the unwanted explanation about general security but if you read all the thread, we are talking about Fedora Core and support. I want to know the availability of patches in Fedora Core 1 if in the future someone found a vulnerability i must upgrade to Core 2 if i want to have a patch El Martes 13 Abril 2004 16:57, escribiste: > On Tue, 2004-04-13 at 10:07, StoneBeat wrote: > > I have a doubt, imagine that tomorrow someone discovered that OpenSSH > > shipped with Fedora Core 1 had a remote exploitable vulnerability. > > > > How would i be able to get the patch for this vulnerability ? > > > > would i be able to get patched using "yum update" ? > > > > would Redhat / Fedora publish an Update in > > http://fedora.redhat.com/updates/released/ ? > > > > El Lunes 12 Abril 2004 22:03, Bill Nottingham escribió: > > > Christofer C. Bell (cbell@xxxxxxxxxxxx) said: > > > > What does "support" mean for Fedora Core 1 software? I'm not trying > > > > to sound like sour grapes, but I'm honestly curious. I've submitted > > > > a couple of bug reports (and submitted the fix with one of them) and > > > > so far both have come back closed with "fixed in rawhide." > > > > > > > > I guess I don't know what this means, exactly. > > > > > > Rawhide means that it's fixed in the development tree. If this > > > is done before FC2 is finalized, this generally means that it will be > > > fixed in FC2. > > > > > > Bill > > In a word yes. The Linux community as a whole has had patches out faster > than any other O.S. Also Red Hat has been prompt to post these patches > when available. Also, just because a 'vulnerability' is found doesn't > mean it is actually exploitable. A lot of these are problems such as > buffer overflows or bad special character parsing. > > At best they allow a chance for exploitation and usually require a fair > amount of programming skill, time, and failed attempts for a cracker, > usually through zombies. Most crackers would move on to an easier target > unless you are the 'specific' target. > > The reality of system compromises are from an internal nature S.A. my > old employer would remove all sensitive data from hard drives, but left > user names and passwords on the disk. Not until I took my PHLAK disk and > went through the disk with the office manager did this change! > > Users are forever downloading worms, trojans, and viruses on systems. > Uneducated users they are the greatest liability to security. > > If your system is updated, say monthly, and your firewall properly set > up and maintained, the major issue becomes users.
