Security announcements on web page
Hi,

I saw all the glibc/postgres announcements on the SuSE web page with date October 1st, but it hasn't made it to the announce list yet. What does that mean? Is it safe to assume the linked files from the web page are stable, or could sth. change before we get an announcement mail? If not, why isn't the mail sent when the announcements appear on the web page? (Please note that this is not meant as an accusation, I'm just asking to know how to judge web/mail announcements...)

Best regards,
Frank

--
Dipl.-Inform. Frank Steiner mailto:fst@informatik.uni-kiel.de
Lehrstuhl f. Programmiersprachen mailto:fsteiner@web.de
CAU Kiel, Olshausenstraße 40 Phone: +49 431 880-7265, Fax: -7613
D-24098 Kiel, Germany http://www.informatik.uni-kiel.de/~fst/
Hi Frank,

> Hi,
> I saw all the glibc/postgres announcements on the SuSE web page with date October 1st, but it hasn't made it to the announce list yet. What does that mean? Is it safe to assume the linked files from the web page are stable, or could sth. change before we get an announcement mail? If not, why isn't the mail sent when the announcements appear on the web page? (Please note that this is not meant as an accusation, I'm just asking to know how to judge web/mail announcements...)

suse-security-announce@suse.com is the first address that we send the announcements to. We wait until we see our own announcement from the list so that we know that it's in the engine. I have seen both of Thomas' announcements SuSE-SA:2002:035 and SuSE-SA:2002:036 on suse-security-announce@suse.com. I guess that it is either still in the queue somewhere (it's not on our lists server), or it got lost on the way. I suggest that you unsubscribe and resubscribe to suse-security-announce@suse.com.

> Best regards, Frank

Thanks,
Roman.
--
Roman Drahtmüller
Hi Roman,

Roman Drahtmueller wrote:
> suse-security-announce@suse.com is the first address that we send the announcements to. We wait until we see our own announcement from the list so that we know that it's in the engine.
> I have seen both of Thomas' announcements SuSE-SA:2002:035 and SuSE-SA:2002:036 on suse-security-announce@suse.com. I guess that it is either still in the queue somewhere (it's not on our lists server), or it got lost on the way.

no, they didn't get lost, I got them both. But in both announcements glibc is listed as "pending vulnerability". However, at http://www.suse.de/de/private/download/updates/73_i386.html the fixed packages are listed and downloadable with date Oct 1. That's what confused me. Could it be that the glibc is fixed and stable for 7.3 but not for other distributions (like 7.0,..) and that's why the general announcement is not yet sent? Can I download the glibc packages from this website for my 7.3, or should I wait for a glibc announcement on the list?

Thanks!

Best regards,
Frank

--
Dipl.-Inform. Frank Steiner mailto:fst@informatik.uni-kiel.de
Lehrstuhl f. Programmiersprachen mailto:fsteiner@web.de
CAU Kiel, Olshausenstraße 40 Phone: +49 431 880-7265, Fax: -7613
D-24098 Kiel, Germany http://www.informatik.uni-kiel.de/~fst/
> no, they didn't get lost, I got them both. But in both announcements glibc is listed as "pending vulnerability". However, at http://www.suse.de/de/private/download/updates/73_i386.html the fixed packages are listed and downloadable with date Oct 1. That's what confused me. Could it be that the glibc is fixed and stable for 7.3 but not for other distributions (like 7.0,..) and that's why the general announcement is not yet sent?

Yes.

> Can I download the glibc packages from this website for my 7.3, or should I wait for a glibc announcement on the list?

No, you can use the one that is present there. It is the version that will be announced shortly. And yes, we're still building the packages for the older distributions.

> Thanks!
> Best regards, Frank

Roman.
--
Roman Drahtmüller
Roman Drahtmueller wrote:
> > Could it be that the glibc is fixed and stable for 7.3 but not for other distributions (like 7.0,..) and that's why the general announcement is not yet sent?
> Yes.
> > Can I download the glibc packages from this website for my 7.3, or should I wait for a glibc announcement on the list?
> No, you can use the one that is present there. It is the version that will be announced shortly. And yes, we're still building the packages for the older distributions.

Thanks a lot for clarifying this! So I can go on relying on what my autorpm finds during the night on the SuSE server, even if no announcement is out yet :-)

Best regards,
Frank

--
Dipl.-Inform. Frank Steiner mailto:fst@informatik.uni-kiel.de
Lehrstuhl f. Programmiersprachen mailto:fsteiner@web.de
CAU Kiel, Olshausenstraße 40 Phone: +49 431 880-7265, Fax: -7613
D-24098 Kiel, Germany http://www.informatik.uni-kiel.de/~fst/
* Frank Steiner (fst@informatik.uni-kiel.de) [021008 05:42]:
> the web page are stable, or could sth. change before we get an announcement mail? If not, why isn't the mail sent when the announcements appear on the web page?

fst@informatik.uni-kiel.de has never been subscribed to suse-security-announce so it's not surprising that you didn't get the announcements. Use the reply-to address to subscribe.

As for the web pages, http://lists.suse.com/archive/suse-security-announce/current is always up-to-date. The listings on www.suse.de are usually not for reasons that aren't worth going into (it has nothing to do with the security team).

Cheers,
--
-ckm
Christopher Mahmood wrote:
> * Frank Steiner (fst@informatik.uni-kiel.de) [021008 05:42]:
> > the web page are stable, or could sth. change before we get an announcement mail? If not, why isn't the mail sent when the announcements appear on the web page?
> fst@informatik.uni-kiel.de has never been subscribed to suse-security-announce so it's not surprising that you didn't get the announcements. Use the reply-to address to subscribe.

I'm subscribed with a different address...

> As for the web pages, http://lists.suse.com/archive/suse-security-announce/current is always up-to-date. The listings on www.suse.de are usually not for reasons that aren't worth going into (it has nothing to do with the security team).

Well, my question was because the web page was ahead of the announcements, but Roman clarified this :-)

cu,
Frank

--
Dipl.-Inform. Frank Steiner mailto:fst@informatik.uni-kiel.de
Lehrstuhl f. Programmiersprachen mailto:fsteiner@web.de
CAU Kiel, Olshausenstraße 40 Phone: +49 431 880-7265, Fax: -7613
D-24098 Kiel, Germany http://www.informatik.uni-kiel.de/~fst/