[San-Diego-pm] Bad bug in Red Hat version of Perl
Bill Davidson
billdsd at gmail.com
Tue Aug 26 14:08:16 PDT 2008
Chris Grau wrote:
> For anyone who hasn't seen it yet.
>
> http://blog.vipul.net/2008/08/24/redhat-perl-what-a-tragedy/
>
> https://bugzilla.redhat.com/show_bug.cgi?id=379791
>
In general, I try not to depend upon RedHat for my production software
anymore. My company was failing PCI (Payment Card Industry)
compliance testing because RedHat's Openssl was over two years and
six releases out of date and had published vulnerabilities. Attempts to
get RedHat to deliver updated packages failed. I built a current version of
Openssl and Apache Httpd myself so it's all up to date and now we pass.
You would think that a company billing itself as /the/ standard of Linux
server distributions, and charging for it, would keep up with vital security
packages.
It is no surprise to me that their version of Perl is similarly out of
date and
having long known serious problems.
More information about the San-Diego-pm
mailing list