Hi John, I avoided to post on this topic so far, but you make some very good and valid comments.
> Cobalts packages should, of course, be given precedence. > Pkgmaster.com was started by Cobalt and ex-cobalt support techs, wasn't > it? In my practical experience, this conversation about 'voiding your > warranty by patching for vulnerabilities,' is odd and from my experience > with Cobalt or Sun support moot. That's one of the most true and saddest point so far, isn't it? If there are vulnerabilities which affect the Cobalt plattform and pose a threat to those who have to trust their mission critical data to it, then there must be officially supported vendor patches. Period. One might argue about when those patches have to be available, but not about the *if*. Also, it somehow can't be that we have have to install an unsupported patch to get rid of the older PHP-4 versions which are still on the stock RaQ4. Or the one that is on the XTR for which no patch is available. Not even an unsupported one. Furthermore I find it hillarious that SUN/Cobalt itself recognizes how bad the bind-8.2.2 vulnerability has hurt it as a company, but still ships all new RaQ4's with the vulnerable bind-8.2.2 aboard. Not even the OS restore CDs have been updated. How many customers are actually aware that this ready to run, fire up and forget server appliances need half a dozend of patches to be anywhere near (but actually quite short of) modern security standards? Not many from my experience. SUN radically shifted its focus from bashing or outright ignoring Linux over to (allegedly) fully supporting it with all it's corporate weight. I still remeber the confusion in the SUN office where I was working at that time, when Scott McNealy broke the news on SUN-TV. And I remember an after hours conversation with a few die hard Sunny's who suddenly wanted to know what "that Linux thingy" actually is about. One of 'em even borrowed my SuSE CD's to take a look. ;o) So while the need to change the focus towards Linux has been recognized in the uppermost levels of the SUN management, it'll take ages 'til this trickles down to the usual rank and file we might happen to run into. Without doubt: If anyone at SUN has hands on Linux experience, then the guys of the Cobalt division. However, just look up Ed Zanders recent "A closer look at Linux" over here:http://www.sun.com/2002-0319/feature/ and you'll notice that Cobalt is listed in the section "Some of Sun's products that support Linux include:" almost at the very bottom. It looks like this was added almost like an afterthought. Draw your own conclusions on that one. ;o) -- With best regards, Michael Stauber [EMAIL PROTECTED] Unix/Linux Support Engineer _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
