Message-ID: <20110502182907.GA20415@openwall.com>
Date: Mon, 2 May 2011 22:29:07 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: Closed list

On Mon, May 02, 2011 at 01:04:44PM -0500, Mark Hatle wrote:
> I am a bit confused though.  If I (as a non-RH customer) look to download their
> latest security updates, I don't see an obvious way of doing it based on their
> advisories.  For instance:
> 
> https://rhn.redhat.com/errata/RHSA-2011-0421.html
> 
> This advisory ends with:  (The unlinked packages above are only available from
> the Red Hat Network)

Yes, Red Hat advisories say that, but in practice the .src.rpm's are
freely downloadable.  Here's one mentioned in the advisory above:

lftp ftp.redhat.com:/pub/redhat/linux/enterprise/6Server/en/os/SRPMS> ls -l kernel-2.6.32-71.24.1.el6.src.rpm
-rw-r--r--    5 ftp      ftp      67060785 Apr 07 02:51 kernel-2.6.32-71.24.1.el6.src.rpm

Yes, it's weird.

> This requires that I have a support account in order to download the update.

For binary updates, yes.  For sources, no (although the wording in the
advisories is such that you get that impression).

Alexander
