On Wed, 2009-05-20 at 17:12 -0500, Chris Adams wrote: > If you don't have a support entitlement but are running RHEL anyway, BZ > still probably isn't the place for you, since RH is largely only going > to listen to paying customers for RHEL issues. It isn't that they don't > value other input, but they just don't have the staff to deal with > issues from non-customers. > > In any case, if you have questions about RHEL, you should start with > www.redhat.com, not Google, BZ, etc.
To be fair, even if you go the the Redhat site, and login to support, is there any easy way to tell if a particular CVE is addressed in a given patch? I know you can search the change logs and Redhat Advisories but it sure seems that it's difficult to go from a CVE to a RHSA, although it's quite easy to go the other way. It would be nice if there was a well maintained web page that cross-referenced CVE's to RHSA's so that it would be easy to answer audit "findings". Note I'm not arguing your point that Bugzilla isn't the right place, but I'm not really sure there's anything in support either, other than opening a support request, or manually digging through change logs. If there is something there I'd love to know about it. Later, Tom _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
