> From the prior posts I
>had read, the reason for the mandrake update being slower than the
>redhat release, was due to "mandrake using a highly customized version
>of apache". If you feel like debating the merits of that point, debate
>it with the original poster, and please provide an alternate reason why
>mandrake was slower to release the update (being a smaller company is an
>understandable alternate answer).
>
>But if there is any merit to the idea that mandrake's security update
>came out more slowly due to a highly customization (either in code or
>packaging) apache, then I think all my points WRT to an alternate
>vanilla package are still valid.

Man, cut the dudes at Mandrake some slack! I think that the majority of
sysadmins would do backups and take their chances before installing an apache
that didn't do php, perl, etc. I'm not about to tell my customers, "Sorry, your
online store is down until I get a patch..." Not me, not now.

I am mighty grateful for the folks at Mandrake for packaging Apache as they
have, with such wonderful features. I wouldn't want to go through the grief
they do in making all those different programs work together so nicely.

As they explained, this is not simply a download the source, build it, make a
RPM out of it, and ship it kind of deal. If you want to do that to fix your
machine, you are free to download the updated apache source and build it
yourself.

Have I been hacked? Yes, I was hit with a root exploit. I thought I had done a
ftp upgrade. I had not. I learned. But we're not even talking about a root
exploit here.

This IS rocket science. Cut the rocket science experts some slack.

Bob

For help, email discuss-helpmandrakesecure.net; to unsubscribe send a
message to discuss-unsubscribemandrakesecure.net. To visit MandrakeSecure,
go to http://www.mandrakesecure.net/.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]