no security alerts recently
Hello, Is there something wrong with the security announcement system? If you look on the SuSE web site http://www.suse.de/en/support/security/index.html there have been no alerts since 3rd June, and I don't recall any e-mail alerts either. But if you look at the update area http://www.suse.de/en/support/download/updates/71_i386.html there have been 6 security updates in this period. At least one of these (samba) is a major hole. People should not be expected to subscribe to high-volume technical mailing lists to know about security updates, the security announcement list should be sufficient. Bob ============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691
Hello, Also, it is not very clear why there are two places to look for updates. It is very confusing. Can someone from the (excellent!:)) SuSE security people clarify this? If one would like to keep the SuSE Linux systems up to date, is it required to look in both places or the suse-security-announce should be enough? Because if it's not, then what is the purpose of suse-security-announce, anyway? Thank you! Dragos Jula
-----Original Message----- From: Bob Vickers [mailto:bobv@cs.rhul.ac.uk] Sent: Friday, June 22, 2001 12:05 PM To: suse-security@suse.com Subject: [suse-security] no security alerts recently
Hello,
Is there something wrong with the security announcement system? If you look on the SuSE web site http://www.suse.de/en/support/security/index.html there have been no alerts since 3rd June, and I don't recall any e-mail alerts either. But if you look at the update area http://www.suse.de/en/support/download/updates/71_i386.html there have been 6 security updates in this period. At least one of these (samba) is a major hole.
People should not be expected to subscribe to high-volume technical mailing lists to know about security updates, the security announcement list should be sufficient.
Bob ============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Hello,
Also, it is not very clear why there are two places to look for updates. It is very confusing. Can someone from the (excellent!:)) SuSE security people clarify this? If one would like to keep the SuSE Linux systems up to date, is it required to look in both places or the suse-security-announce should be enough? Because if it's not, then what is the purpose of suse-security-announce, anyway?
Thank you!
Dragos Jula
There will be a samba update shortly. Plus pcp
(do "rpm -ql pcp|xargs chmod a-s" to workaround the bug).
Update packages for the distributions 7.1 and newer can be found on
ftp.suse.com.
For dists before 7.1, you can find the crypto packages on ftp.suse.de
because those packages may not be placed on ftp.suse.com.
Non-crypto-packages are on ftp.suse.com.
Thanks,
Roman.
--
- -
| Roman Drahtmüller
Hello again, When I said there are two places to look for updates, I was not referring to the ftp.suse.com and ftp.suse.de . What I meant was "there are two places to look for security announcements" (that were mentioned by Mr. Bob Vickers who started this thread): one being the "suse-security-announce" list + the URL http://www.suse.de/en/support/security/index.html the other one the update area: http://www.suse.de/en/support/download/updates/ where there are also security updates. Please explain what is the purpose of suse-security-announce, since there are also other security announcements+updates that don't make it to the list. (and that will be missed by someone that is only subscribed to the list and is not actively checking the updates area). Thank you again! Dragos Jula
-----Original Message----- From: Roman Drahtmueller [mailto:draht@suse.de] Sent: Friday, June 22, 2001 1:25 PM To: Dragos Alexandru Jula Cc: suse-security@suse.com Subject: RE: [suse-security] no security alerts recently
Hello,
Also, it is not very clear why there are two places to look for updates. It is very confusing. Can someone from the (excellent!:)) SuSE security people clarify this? If one would like to keep the SuSE Linux systems up to date, is it required to look in both places or the suse-security-announce should be enough? Because if it's not, then what is the purpose of suse-security-announce, anyway?
Thank you!
Dragos Jula
There will be a samba update shortly. Plus pcp (do "rpm -ql pcp|xargs chmod a-s" to workaround the bug).
Update packages for the distributions 7.1 and newer can be found on ftp.suse.com.
For dists before 7.1, you can find the crypto packages on ftp.suse.de because those packages may not be placed on ftp.suse.com. Non-crypto-packages are on ftp.suse.com.
Thanks, Roman. -- - - | Roman Drahtmüller
// "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -
participants (3)
-
Bob Vickers
-
Dragos Alexandru Jula
-
Roman Drahtmueller