-------- Original Message -------- Subject: Re: [Alug] (RedHat) rsync-2.4.6-8 Update BROKEN Date: Fri, 1 Feb 2002 09:57:47 +0000 From: James Ray jamesr@pethippo.co.uk To: James jtl1listmail@bigfoot.com CC: ALUG main@lists.alug.org.uk
James Ray wrote:
On Thu, Jan 31, 2002 at 12:18:41PM +0000, James wrote:
Simon
The rsync security fix released by RedHat was also broken :-( Many other distributions have yet to release any fixes at all.
[Snip]
Anyone that wants to hear about security fixes is surely on all/most of the major security mailing lists? Nice to be concerned for other peoples system welfare but I hate getting one copy of the mail directly and another forwarded on yet another mailing list, *sigh*. Thats 5 times I have seen this email appear, 6 including the direct email from RedHat's security list itself.
Just my $0.02
Too Bad that I've added to your information overload sunshine; I just knew that someone would complain. As far as security is concerned, there is one maxim you may also know from assembler programming: Assume Nothing.
I handed out a CD containing updates with this broken rsync on it at an ALUG meeting, so in this instance I had a responsibility to warn the recipient, and anyone else that might had taken copies of it. Some people receive the security notices separately, but get too busy to read 'em. Also - Redhat's listserver often gets constipated and doesn't send out notices in a timely manner.
--James