New sendmail and missing /usr/lib/sendmail
Eric Rostetter
rostetter at mail.utexas.edu
Sun Mar 26 04:36:34 UTC 2006
Quoting David Eisner <cradle at umd.edu>:
> Eric Rostetter wrote:
>> This sounds like what happens when we rush the QA processes...
>
> Other distros had advance warning about this vulnerability,
So did FL technically.
> and hence
> more time to apply patches and do testing.
They didn't have more time to apply patches. They did have more time
to do testing, as they have professional (internal) QA testers.
> Is there a way Fedora
> Legacy could be added to the list of vendors that are notified in this
> type of situation?
It is.
> Who decides whom to notify in advance. Sendmail, Inc.? I imagine they
> want vendors to keep the information under wraps until the official
> announcement is made. (I could be wrong.) How would this work with
> Fedora Legacy? Is it possible?
We were notified. We didn't act because it was "bad timing" for FL.
But that isn't the issue IMHO. We had an update-testing version out
fast. We just shouldn't have pushed it to updates so fast IMHO.
> -David
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin
Go Longhorns!
More information about the fedora-legacy-list
mailing list