I see. Since MongoDB is under a GNU license, I assume you do not literally mean you have zero access to the changes being made to it in SCL. My assumption is that you actually mean there's no advanced or privileged access. So if some bad juju goes down, and we want to look to SCL For help, Marek or whoever is maintaining 2.6 for EPEL at the time would have to wait for those packages to appear in SCL before the process of porting them to EPEL can even begin, time during which 2.6 is still vulnerable. Yes?
As for other solutions to security issues, is there any history of these packages resolving security issues with mongodb with external OS-level features rather than via patches to the code? It seems unlikely, in that a hack like firewalling it would be too unsubtle by half and break functionality outright. _______________________________________________ epel-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
