[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVE-2017-14482 - Red Hat Customer Portal
From: |
Maxim Cournoyer |
Subject: |
Re: CVE-2017-14482 - Red Hat Customer Portal |
Date: |
Sun, 24 Sep 2017 13:17:41 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) |
Emanuel Berg <moasen@zoho.com> writes:
> Bob Proulx wrote:
>
>> That's great! Using distributions with
>> security teams much simplifies things for the
>> end user. Otherwise every user would need to
>> closely follow each and every one of the
>> zillion software projects installed on their
>> system. Software packaging makes
>> this simpler.
>
> Yes, except for some cases, because it requires
> that enough people use it so that the stuff is
> kept up to date.
>
> For example, there should be many lispers
> reading this. SBCL, ECL, CCL, what have you.
> Take a look at the software in your repos.
> Compare it to the versions you'd find on the
> web. People aren't cool enough in general for
> the really cool people to find what they want.
>
> Why it has to be like this I have no idea.
> Why can't you get the latest stuff the
> same way?
>
> And it is not about getting the bleeding edge
> just for the sake of it. Some stuff is really,
> really outdated and there is no way around it
> except bypassing the package
> manager altogether.
Have you heard about GNU Guix/GuixSD[1]? While not all the packages are
always at the latest version, the maintainers strive to keep the CVEs patched
and it is otherwise straightforward to update a package definition and
use it locally (no need to be root!), or better, contribute the
patch back.
In fact, I see some people starting to use Guix atop traditional distros
to get bleeding edge packages.
Maxim
[1] https://www.gnu.org/software/guix/
- RE: CVE-2017-14482 - Red Hat Customer Portal, (continued)
- RE: CVE-2017-14482 - Red Hat Customer Portal, Ludwig, Mark, 2017/09/26
- Re: CVE-2017-14482 - Red Hat Customer Portal, Eli Zaretskii, 2017/09/29
- Re: CVE-2017-14482 - Red Hat Customer Portal, Eli Zaretskii, 2017/09/29
- Re: CVE-2017-14482 - Red Hat Customer Portal, Narendra Joshi, 2017/09/26
- Re: CVE-2017-14482 - Red Hat Customer Portal, Philipp Stephani, 2017/09/26
- Message not available
- Re: CVE-2017-14482 - Red Hat Customer Portal, Emanuel Berg, 2017/09/24
- Re: CVE-2017-14482 - Red Hat Customer Portal, ken, 2017/09/22
- Re: CVE-2017-14482 - Red Hat Customer Portal, Emanuel Berg, 2017/09/22
- Re: CVE-2017-14482 - Red Hat Customer Portal, Bob Proulx, 2017/09/23
- Message not available
- Re: CVE-2017-14482 - Red Hat Customer Portal, Emanuel Berg, 2017/09/24
- Re: CVE-2017-14482 - Red Hat Customer Portal,
Maxim Cournoyer <=
- Re: CVE-2017-14482 - Red Hat Customer Portal, Emanuel Berg, 2017/09/24
Re: CVE-2017-14482 - Red Hat Customer Portal, Richard Melville, 2017/09/27