IMNSHO, Suse *really* should provide an update rpm: You don't have to provide an rpm with fixed source, but you really should (automatically) disable the rpc stuff via postinstall and probably send an email to root. Why? Because I'm convinced that quite a lot of people rely on you (or fou4s or apt-get) to "fix" security problems for them. Microsoft received some well deserved bashing for not providing an update for the SQL (or whatever) fix that enabled slammer via the simple click on the "Windows update" button. Please don't repeat the M$ mistake! I know you are on a tight schedule right now, but a remote root compromise is the highest sort of threat and should be fixed asap. Ciao Jörg -- Joerg Mayer <jmayer@loplof.de> We are stuck with technology when what we really want ist just stuff that works. Some say that should read Microsoft instead of technology.