[CentOS] https://rhn.redhat.com/errata/RHSA-2011-1245.html - CentOS 6

2011-09-23 Thread Tom Brown
Apologies if I missed this on the list but is there a fix for this
available to 6.0?

https://rhn.redhat.com/errata/RHSA-2011-1245.html

thanks
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] https://rhn.redhat.com/errata/RHSA-2011-1245.html - CentOS 6

2011-09-23 Thread Spook ZA
Hi Tom

On 22 September 2011 18:21, Tom Brown t...@ng23.net wrote:

> Apologies if i missed this on the list but is there a fix for this
> available to 6.0?
>
> https://rhn.redhat.com/errata/RHSA-2011-1245.html
>
> thanks

Please see below the response from Karanbir.

Regards,
  Andy.

-- Forwarded message --
From: Karanbir Singh mail-li...@karan.org
Date: 1 September 2011 12:39
Subject: Re: [CentOS] Apache warns Web server admins of DoS attack tool
To: CentOS mailing list centos@centos.org


Thanks Tom,

On 09/01/2011 02:05 AM, Tom Lanyon wrote:
> For EL 4, 5, 6:
> https://rhn.redhat.com/errata/RHSA-2011-1245.html

rpms for C5 are pushed into the 5.6/cr/ repo; the c6 build is running
now, we will have the cr stuff up for that today and get this into there
as well.

Unless Tru gets to it before me, I'll get the c4 builds out as well in a
bit.

- KB


Re: [CentOS] https://rhn.redhat.com/errata/RHSA-2011-1245.html - CentOS 6

2011-09-23 Thread Tom Brown
On 23 September 2011 15:15, Spook ZA spoo...@gmail.com wrote:
> Hi Tom
>
>
> Please see below the response from Karanbir.
>
> Regards,
>   Andy.
>
>
> rpms for C5 are pushed into the 5.6/cr/ repo; the c6 build is running
> now, we will have the cr stuff up for that today and get this into there
> as well.

Yes, but CR for 6.0 is empty, no?

thanks


Re: [CentOS] https://rhn.redhat.com/errata/RHSA-2011-1245.html - CentOS 6

2011-09-23 Thread Dennis Jacobfeuerborn
What are you trying to say?
Karanbir's response is three weeks old and AFAICS the 6.0/cr repo is still
empty on the mirrors so there is no package for that problem available.

If there are problems getting 6.0/cr going then fine but in that case fixes 
for such dangerous bugs should be made available in some other way for 
example by uploading a package to some temporary location until things are 
working as they should.

Regards,
   Dennis

On 09/23/2011 04:15 PM, Spook ZA wrote:
> Hi Tom
>
> On 22 September 2011 18:21, Tom Brown t...@ng23.net wrote:
>
> > Apologies if i missed this on the list but is there a fix for this
> > available to 6.0?
> >
> > https://rhn.redhat.com/errata/RHSA-2011-1245.html
> >
> > thanks
>
> Please see below the response from Karanbir.
>
> Regards,
>   Andy.
>
> -- Forwarded message --
> From: Karanbir Singh mail-li...@karan.org
> Date: 1 September 2011 12:39
> Subject: Re: [CentOS] Apache warns Web server admins of DoS attack tool
> To: CentOS mailing list centos@centos.org
>
>
> Thanks Tom,
>
> On 09/01/2011 02:05 AM, Tom Lanyon wrote:
> > For EL 4, 5, 6:
> > https://rhn.redhat.com/errata/RHSA-2011-1245.html
>
> rpms for C5 are pushed into the 5.6/cr/ repo; the c6 build is running
> now, we will have the cr stuff up for that today and get this into there
> as well.
>
> Unless Tru gets to it before me, I'll get the c4 builds out as well in a
> bit.
>
> - KB


Re: [CentOS] https://rhn.redhat.com/errata/RHSA-2011-1245.html - CentOS 6

2011-09-23 Thread John Hodrien
On Fri, 23 Sep 2011, Dennis Jacobfeuerborn wrote:

> What are you trying to say?
> Karanbirs response is three weeks old and AFAICS the 6.0/cr repo is still
> empty on the mirrors so there is no package for that problem available.
>
> If there are problems getting 6.0/cr going then fine but in that case fixes
> for such dangerous bugs should be made available in some other way for
> example by uploading a package to some temporary location until things are
> working as they should.

Yes it'd be nice.

Until then, you can always grab the redhat srpm, or get a binary rpm from SL.

jh


Re: [CentOS] https://rhn.redhat.com/errata/RHSA-2011-1245.html - CentOS 6

2011-09-23 Thread Dennis Jacobfeuerborn
On 09/23/2011 04:30 PM, John Hodrien wrote:
> On Fri, 23 Sep 2011, Dennis Jacobfeuerborn wrote:
>
> > What are you trying to say?
> > Karanbirs response is three weeks old and AFAICS the 6.0/cr repo is still
> > empty on the mirrors so there is no package for that problem available.
> >
> > If there are problems getting 6.0/cr going then fine but in that case fixes
> > for such dangerous bugs should be made available in some other way for
> > example by uploading a package to some temporary location until things are
> > working as they should.
>
> Yes it'd be nice.
>
> Until then, you can always grab the redhat srpm, or get a binary rpm from SL.

Still the fact that CentOS is leaving its users exposed to this kind of
thing is...problematic. What's even more perplexing is that according to
Karanbir the package was ready to go yet since then there is a sudden radio
silence for three weeks. If there are still problems with building the 
updates ok but then they could have at least pushed this package out or put 
it on some server for people to download manually and if that is a problem 
too then they should have put out a message the next day that there are 
still problems and that people are better off building the updated package 
themselves.
At least that would have given the users some information to act on.

Regards,
   Dennis


Re: [CentOS] https://rhn.redhat.com/errata/RHSA-2011-1245.html - CentOS 6

2011-09-23 Thread Johnny Hughes
On 09/23/2011 09:53 AM, Dennis Jacobfeuerborn wrote:
> On 09/23/2011 04:30 PM, John Hodrien wrote:
> > On Fri, 23 Sep 2011, Dennis Jacobfeuerborn wrote:
> >
> > > What are you trying to say?
> > > Karanbirs response is three weeks old and AFAICS the 6.0/cr repo is still
> > > empty on the mirrors so there is no package for that problem available.
> > >
> > > If there are problems getting 6.0/cr going then fine but in that case fixes
> > > for such dangerous bugs should be made available in some other way for
> > > example by uploading a package to some temporary location until things are
> > > working as they should.
> >
> > Yes it'd be nice.
> >
> > Until then, you can always grab the redhat srpm, or get a binary rpm from SL.
>
> Still the fact that centos is leaving its users exposed to this kind of
> thing is...problematic. What's even more perplexing is that according the
> Karanbir the package was ready to go yet since then there is a sudden radio
> silence for three weeks. If there are still problems with building the
> updates ok but then they could have at least pushed this package out or put
> it on some server for people to download manually and if that is a problem
> too then they should have put out a message the next day that there are
> still problems and that people are better off building the updated package
> themselves.
> At least that would have given the users some information to act on.

What other packages inside the system might be impacted by changing the
httpd executable?

What shared libraries might be needed to run the new version of httpd that
were built on the 6.1 tree and may not work without the other updates?

One package can not be built and pushed in a totally different tree and
then released.

It requires testing.

We are doing the best we can.







Re: [CentOS] https://rhn.redhat.com/errata/RHSA-2011-1245.html - CentOS 6

2011-09-23 Thread Dennis Jacobfeuerborn
On 09/23/2011 07:12 PM, Johnny Hughes wrote:
> On 09/23/2011 09:53 AM, Dennis Jacobfeuerborn wrote:
> > On 09/23/2011 04:30 PM, John Hodrien wrote:
> > > On Fri, 23 Sep 2011, Dennis Jacobfeuerborn wrote:
> > >
> > > > What are you trying to say?
> > > > Karanbirs response is three weeks old and AFAICS the 6.0/cr repo is still
> > > > empty on the mirrors so there is no package for that problem available.
> > > >
> > > > If there are problems getting 6.0/cr going then fine but in that case fixes
> > > > for such dangerous bugs should be made available in some other way for
> > > > example by uploading a package to some temporary location until things are
> > > > working as they should.
> > >
> > > Yes it'd be nice.
> > >
> > > Until then, you can always grab the redhat srpm, or get a binary rpm from
> > > SL.
> >
> > Still the fact that centos is leaving its users exposed to this kind of
> > thing is...problematic. What's even more perplexing is that according the
> > Karanbir the package was ready to go yet since then there is a sudden radio
> > silence for three weeks. If there are still problems with building the
> > updates ok but then they could have at least pushed this package out or put
> > it on some server for people to download manually and if that is a problem
> > too then they should have put out a message the next day that there are
> > still problems and that people are better off building the updated package
> > themselves.
> > At least that would have given the users some information to act on.
>
> What other packages inside the system might be impacted by changing the
> httpd executable?
>
> What shared libraries might needed to run the new version of httpd that
> were built on the 6.1 tree and may not work without the other updates.
>
> One package can not be built and pushed in a totally different tree and
> then released.
>
> It requires testing.
>
> We are doing the best we can.

And this is really appreciated believe me but here is the problem:
Three weeks ago Karanbir announced an imminent release for the httpd
package. Since then nothing happened.
Let's assume for a moment a major problem was discovered that somehow
prevents the new package from being released. Let's also assume that
everyone who could address the problem is really busy with really important
stuff.

Why wasn't it possible for anyone to send out an announcement basically saying:
For reasons we don't want to disclose we cannot push out an updated httpd
package anytime soon. Please build your own updated versions or find
someone who can do it for you.

At least people would know what the situation is.

*THAT* is the issue here. I can understand that all this stuff is 
complicated but sending an email is not and so that is always something you 
could and should fall back on in the absence of any better options.

Regards,
   Dennis
