[San-Diego-pm] Bad bug in Red Hat version of Perl

Bill Davidson billdsd at gmail.com
Tue Aug 26 14:08:16 PDT 2008

Chris Grau wrote:
> For anyone who hasn't seen it yet.
>     http://blog.vipul.net/2008/08/24/redhat-perl-what-a-tragedy/
>     https://bugzilla.redhat.com/show_bug.cgi?id=379791

In general, I try not to depend upon RedHat for my production software
anymore.  My company was failing PCI (Payment Card Industry)
compliance testing because RedHat's Openssl was over two years and
six releases out of date and had published vulnerabilities.  Attempts to
get RedHat to deliver updated packages failed.  I built a current version of
Openssl and Apache Httpd myself so it's all up to date and now we pass.

You would think that a company billing itself as /the/ standard of Linux
server distributions, and charging for it, would keep up with vital security

It is no surprise to me that their version of Perl is similarly out of 
date and
having long known serious problems.

More information about the San-Diego-pm mailing list