On 09/12/2020 22:25, Paul Gilmartin wrote:
On Wed, 9 Dec 2020 21:58:34 +0000, Frank Swarbrick wrote:

I have downloaded and installed in my personal z/OS Unix directory curl and a few other
z/OpenSource tools from Rocket Software. I have asked my z/OS security guy if we can go ahead and
have our systems group (outsourced to IBM zCloud) "officially" install them. He came
back with the following: "My question is how do we approve, track and secure the open source
code we are putting on z/OS?"

Note that curl issued multiple security advisories today, including:
https://curl.se/mail/archive-2020-12/0007.html
How long does it take Rocket to catch up?
Have Rocket's patches been merged into the curl base on github?

Does anyone have suggestions on answering this concern?

-- gil
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Please see the Rocket forum about how they maintain and distribute
updates to the tools and using miniconda as the deployment tool.
Internally Rocket have done a lot of work to speed up delivery of new
releases and CVE fixes. https://community.rocketsoftware.com/home.

Tony Sinfield, Rocket Software.