Hi Leo, > I'm very disapointed for the sun attitude about security upgrade of the > cobalt. When there is important holes (like in PHP these days), they MUST > provide upgrade in the hours like all Linux, *BSD, Unix system have do.
SUN/Cobalt sure hasn't the ressources to do this. SUN might have it, the Cobalt division perhaps hasn't. Todays patch for the RaQ3 is a prime example to that: RaQ3-All-Security-4.0.1-13453.pkg (Glibc update). It fixes a glibc vulnerability which was published on 17th December 2001. Whoops: It took SUN/Cobalt almost to the day *three months* to release the patch. Sure, glibc is no trivial matter to mess with, but the recent zlib issue is of similar scale as it affects a wide spread set of applications, binaries and libraries. Well, maybe we can expect a patch for that in three months as well? Oh my ... what a perespective. -- With best regards, Michael Stauber [EMAIL PROTECTED] Unix/Linux Support Engineer _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
