[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] SUN don't care about security update ?
- Subject: Re: [cobalt-security] SUN don't care about security update ?
- From: inc@xxxxxxxxxxxxx
- Date: Wed, 20 Mar 2002 12:26:38 +1100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
likewise. i am so bored with the mangled redhat distro that forces
me to wait for cobalt to issue the php patch.
any "Raq5" product obviously wants to reduce dependency on cobalt
to an absolute minimum. leave me able to get updates from redhat,
coz cobalt obviously isn't interested in patching vulnerable code!
Thomas Mertz <tmertz@xxxxxxxxxxxxx> wrote:
> The main issue is not Sun not supporting custom configs. That is their
> prerogative. The BIG issue is Sun not releasing security patches in a
> timely manner. For example Sun still has not released an official patch
> for the PHP vulnerability. Other vendors had patches out the same day. I
> think the complaint from people about custom configs is centered around
> the fact that in order to make the RAQ secure you have to install
> patches not provided by Sun. This is because the product is defective,
> not because they want to do something not supported on it. Since we are
> using other products as an example - This would be like Ford telling
> customers that they would have to wait months to get replacement tires
> for their defective Firestone ones, and that if you went to your own
> mechanic and installed safe tires your Ford warranty would be voided.
> For me, this issue makes the product unusable - I can't use a product
> that has major security flaws, nor am I willing to use an unsupported
> product. If Sun does not iron out it's security issues soon we will be
> switching all customers that are on Cobalt RAQs to another platform.
>
> Tom