New sendmail and missing /usr/lib/sendmail

Jesse Keating jkeating at j2solutions.net
Sat Mar 25 16:49:53 UTC 2006


On Sat, 2006-03-25 at 10:24 -0500, David Eisner wrote:
> 
> Other distros had advance warning about this vulnerability, and hence 
> more time to apply patches and do testing.  Is there a way Fedora Legacy 
> could be added to the list of vendors that are notified in this type of 
> situation?
> 
> Who decides whom to notify in advance? Sendmail, Inc.? I imagine they 
> want vendors to keep the information under wraps until the official 
> announcement is made. (I could be wrong.)  How would this work with 
> Fedora Legacy?  Is it possible?
> 

This one was pushed by CERT, and they have individual agreements with
various vendors.  Fedora Legacy isn't one of those vendors.  However,
after speaking with the Red Hat security team, it turns out that CERT drives
an issue like this once a year or so, very low volume.  The majority of
other issues are vetted through vendor-sec, which we are a part of.  We
are moving to a point in which we can prepare updates prior to the issue
being public.  Our new build software was a huge step, so look for
faster response times in the future.

-- 
Jesse Keating RHCE      (geek.j2solutions.net)
Fedora Legacy Team      (www.fedoralegacy.org)
GPG Public Key          (geek.j2solutions.net/jkeating.j2solutions.pub)