Re: [cobalt-users] OT brief note on: CERT Advisory CA-2003-25Buffer Overflow in Sendmail

["Zeffie" <cobaltlist@xxxxxxxx>]

> > What are people's  thoughts on going ahead and installing this patch
> > rather than awaiting a sun patch? I suppose waiting could be dangerous
> > but it seemed like pain and agony for folks having to uninstall the
> > previous non-sun sendmail patches to upgrade to current sun patches. Or
> > are we all wiser now and it shouldn't be a problem when Sun finally (if)
> > issues their subsequent patches?

as I recall you represent a u.s. city....   Please do not take packages from
people you don't know and don't even live in the country.     .
oh and you messed up your box really bad because you took bad advice...  on
that note..  the following...
</end of that area>

David Thurman
well you are really getting on my last nerve tonight...  I'll thank you in a
diffrent post where I was just going to be quiet...

> Even though this may sound sh1tty, I for one might be glad to see Sun not
> release updates, and instead look for the community to meet that need.
Seems

If they depend on this community it would be the end of sun...  I would
perfer to have my software built by professionals with years of experience
and a good understanding of building and bussiness needs....  not somebody I
can't sue and can't know is real.

I can't trust "some guy (I think) in europe (I think)..."

> that Mike and pkgmaster and others at least release patches that don't
> require a patch to the patch.

your mistaken...
it's easy to see that pkgmaster has not kept up on openssl, openssh, php,
mysql, and I'm sure many more things...  they don't keep up on the
updates...  Myself I'm a bit tired of working around a bad build of
software...  not only do i have to build a redhat 9 version I have to build
around the outdated software...  I get to maintain 2 versions of php for my
customers..

now "solar spammer" over there is just building the current version of ssh
as needed...  they are not patches...  There are problems with that...  like
some things might not work as expected...  it's fun to build the most
current versions of everything and play with the new things they will do...
I run a bussiness and I don't need the latest version of everything... I
need one I can count on to continue to work in the manner it has been
working in...  while I have not tested or looked at solar spammers openssh,
the whole concept of taking software from  "some guy (I think) in europe (I
think)...  is about as stupid as it gets...  it's openssh folks.. not rocket
science!

Myself I like to follow a real leader... redhat... :)  well for us anyway...
I rebuild the redhat 9 version of openssh, openssl, and a few hundred other
things because I'm not a million dollar company and they do a much better
job on building things like...  oh perl... and they do it in a manner that I
can trust...  I can trust the openssh I get from them... and in fact I can
rebuild it with my own downloaded source and I can review every patch they
apply...  I can trust them...  I can't trust "some guy (I think) in europe
(I think)..."

>They also seem to beat Sun on patches by a
> week to months!

in most cases they didn't patch anything... they just make the new version
and if it connects... it's good to go...

companies like sun and redhat like to look at the source code and how the
software builds for it's format and they actually read a lot of code it
seems....  and they have a lot of people helping find and fix errors...  I
can TRUST them!  I can't trust "some guy (I think) in europe (I think)..."

> I might even be willing to start paying, if it meant getting
> current software installed (Never thought I would say that).

I have thought about this...  I just can't see it working well... and I
would not feel good doing it...  I want to give it all away for free...  but
with all the spamming consultants all over still...  I just don't want to...
but I think I have to...  we will see...

Zeffie
734-454-9117
http://www.zeffie.com/
Home of Worlds Largest collection of raq4 rpms