Mailinglist Archive: opensuse (1473 mails)

[mistrM@xxxxxxxxxxx (Mr. M)]

> I can understand their position on not supporting custom
> kernels, especially the latest kernel out, since they don't know
> what is and what isn't compiled within and the latest kernels
> sometimes have nasty problems (continue to hear about fs
> corruptions from 2.2.10). However, they should definitely have
> support for installing a new SuSE kernel if the original one
> shipped on the CD is known to have a serious problem (in this
> case, the DoS bug).
>

2.2.11 is the latest kernel.  It has several fixes including one for the
IPchains vulnerability.  If you are running a server you may want to
consider upgrading.

I don't blame SuSE for not supporting custom kernels and that's not what my
posting was about.  I've never needed support directly from SuSE or any
Linux company.  My concern is for issues that are beyond my control.  SuSE
has been extremely slow when providing patches and security updates.  Almost
a week went by before someone from SuSE actually bothered to post a response
to the bugtraq list on the identd exploit.  I still have yet to see a
response to the concerns of this matter from anyone at SuSE on its own
security mailing list.

SuSE boasts that is has over 35,000 business customers.  I am sure that a
great number of these are running SuSE Linux on untrusted networks such as
the internet.  This should make Security issues of paramount importance to
SuSE.  Unfortunately, they seem to treat bug fixes and security patches as a
"we'll get around to it" task.  I find this totally unacceptable.

> I really like the SuSE distribution, but if this is the type of
> support that I am getting for my money, then I am tempted
> to either switch to Mandrake (which doesn't pretend to offer
> support), or get my next SuSE CD from linuxmall for $2.
>
> Just my CDN .02¢. I'm not responsible for currency variation due
> to exchange rates ... :)
> Cheers,
> Gregory Conron

I agree.  My American .02 may be going elsewhere too.  Perhaps when more and
more servers running SuSE get hacked into by the thousands of "script
kiddies" out there SuSE will finally wake up and take support seriously.

I've read of a possible IPO here in the U.S. for SuSE similar to RedHat.
Would you put your money in a company that doesn't support its customers in
even the most fundamental manner?

For those of you that feel as I do I strongly urge you to join the
suse-security mailing list and keep posting.  Perhaps one day they'll take
it seriously.  You should subcribe to the bugtraq mailing list, fallow it
closely, patch your systems immediately (if/when fixes become available) to
protect your machines from malicious users on the net.
www.securityfocus.com

SuSE?????

Mario Paz

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-linux-e-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-linux-e-help@xxxxxxxx