SCIENTIFIC-LINUX-USERS Archives

August 2017

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: ToddAndMargo <[log in to unmask]>
Reply To: ToddAndMargo <[log in to unmask]>
Date: Fri, 18 Aug 2017 10:36:58 -0700

On 08/17/2017 01:03 PM, David Sommerseth wrote:
> On 17/08/17 18:33, ToddAndMargo wrote:
>> On 08/17/2017 09:23 AM, ToddAndMargo wrote:
>>> Mozilla Firefox 55 source tarball
>>
>> The latest is 52 in sl-testing:
>>
>> firefox-52.3.0-2.el7_4.i686 : Mozilla Firefox Web browser
>> Repo        : sl-testing
>>
>>
>> I have to be up to date, especially with me doing PCI
>> (credit card) consulting.
>>
>> SL has really become a bad match for what I am doing.
>> I really should be on a Kaizen OS not an
>> anti-Kaizen OS, but I can not afford the
>> cost of an upgrade to Fedora at the due to the
>> never ending recession.  So I mumble a lot.
> 
> You do realise that firefox-52 packaged for SL7 is the Firefox ESR edition?
> <https://www.mozilla.org/en-US/firefox/organizations/faq/>

Yes I do.  All bugs and security flaws frozen in place for those
that don't like to upgrade their software and those that get
tired of having to respin an RPM every month or so due
to the rapid pace of Firefox's development.  EL Linux
is an anti-Kaizen OS and Red Hat gets CRABBY about having
to update things and often does not.

> Even though it's a while since I've looked at the PCI-DSS stuff; but I
> do not ever recall it requiring specific versions of software.  

I required that you be up to date on all your software.
On the Windows side, I run Kaspersky's "vulnerability Scan"
which looks at all your installed software and lets you know
what is out of date (Acrobat Reader, Java, Firefox, Java,
etc.).  Without Kaspersky, I'd have to go through each
program one at a time, which is a pain in the neck.

> I do
> remember it saying something about running up-to-date OS and
> applications though.  Firefox ESR releases are the browser equivalent to
> "Enterprise Linux".  So ESR releases should really fit the bill for PCI-DSS.

On an EL Linux install only.  On Windows, no one will put up
with all the bugs and missing features.  This is why I have
to stay current.

The ESR would probably get you off the hook liability-wise,
but since PCI is not about security, but rather about liability
shifting, if you get hacked, the lawyers could make a case that
you knowingly used a version of Firefox with known security flaws.

The lawyers are trying to make the case that you should have to
pick up the financial liability for all the costs of the breach.
It could be argued back that the ESR slipstreams security
patches into its release, but it would be counter-argued that
in reality, they seldom do.

Until I get this figured out, I have been using weird old Midori.
Maybe I will go to the dark side and install Chromium.

Do you know any way to uninstall the recent updates that
caused this?
