Mailinglist Archive: opensuse-security (240 mails)
Re: [suse-security] SuSE Security Announcement - make-3.77
- From: Thomas Biege <thomas@xxxxxxx>
- Date: Mon, 14 Feb 2000 16:07:01 +0100 (MET)
- Message-id: <Pine.LNX.4.05.10002141540340.17123-100000@xxxxxxxxxxxxxx>
Hi,
> I downloaded exactly this rpm from the ftp server on 30 Jan while hunting
> for updates. That was 11 days ago! Now, why is it that the security
> announcement takes this long to appear? (and on suse-security-announce
> it will appear appr 10 hours later than on suse-security...)
>
> This has *never* happened to me while I was using Red Hat. Or are
> they just hiding updated rpms from their ftp server until after the
> announcement goes out? Not that the compile-date in their rpms dated
> more than a day back, usually.
>
> One could argue that this security problem is not very serious - but
> does SuSE handle all security issues like this one?
The reason is simple:
The bug wasn't known to the public and only the vendors got
notified by me right after I found it. To give other Linux
distributors the time to fix their stuff I wait some days
before releasing our announcement.
Hope that explains everything.
Bye,
Thomas
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas@xxxxxxx Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47