----- Original Message ----- From: "Michael Gale" <[EMAIL PROTECTED]> Sent: Monday, November 03, 2003 11:51 PM Subject: Re: [Full-Disclosure] Fw: Red Hat Linux end-of-life update and transition planning
> So you are saying you trust up2date to take care of all your machine updates ? That is like saying you trust Microsoft auto update to handle your servers. What happens when they release a bad patch ? or one that hoses your machine. That's why Red Hat network has an interface where you pick what updates get deployed to each machine or to each group of machines. You authorize / schedule a patch on up2date and it will grab it. Alternatively you can run up2date --update on your boxes if you just want to fetch everything if you know all existing patches are good for your environment. > This way I can test and packages before they get installed and I KNOW THE SOURCE of the packages. There is no "ops .. RedHat servers have been hacked and I just installed ...". up2date uses GPG signatures to ensure the content is signed by Red Hat. Are you saying they would hack the up2date servers and compromise the private key? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
