On Thu, 2006-10-26 at 15:28 +0200, Andreas Haupt wrote:
> what does this statement actually mean? Who feels responsible for security
> updates in the so called "external" tree (say for postgres, mysql, tomcat,
> various perl modules, etc.)? Do I have to take care of them on my own?
> You're kidding, don't you?
Of course you have to take care of them yourself, i.e. update them when
a new security-fixed version is available for your distro.
What other course of action can there be?
After all you, as a sysadmin, must maintain the security of your system.
The only reason that a patch was created for torque is that EGEE/LCG is
using an extremely outdated version of torque. And to facilitate a quick
fix to this security problem on the EGEE/LCG grid a patch had to be
delivered. If not, the only course of action would have been to wait
until a new release of torque was available and ask everyone to upgrade
to 2.1.x.
I guess that isn't going to happen very quickly.
--
Ake Sandgren, HPC2N, Umea University, S-90187 Umea, Sweden
Internet: [log in to unmask] Phone: +46 90 7866134 Fax: +46 90 7866126
Mobile: +46 70 7716134 WWW: http://www.hpc2n.umu.se
|