Hi
>
> (hmmm - is it allowed to say R** H** in SL??? ;-)
You rather say TUV (The Upstream Vendor) ;-)
[...]
> It does, however, leave open the more general question of how RH
> should be informing the world about their response to security
> advisories which are on the public record, but for which their version
> has been rated as safe. At the moment they seem to be staying quiet,
> which may be at least one excuse that I can give for the commotion
> here.
Indeed they are not doing announcements about not being
affected by given vulnerability, but:
access to the Knowledge Base (from which the citation
in that LWN thread comes) is public: http://kbase.redhat.com
And there is also an article there addressing specifically
this subject: http://kbase.redhat.com/faq/FAQ_58_8448.shtm
(basically rpm -q package.rpm --changelog )
Best Regards
Jarek
__
-------------------------------------------------------
_ Jaroslaw_Polok ___________________ CERN - IT/FIO/LA _
_ http://home.cern.ch/~jpolok ___ tel_+41_22_767_1834 _
_____________________________________ +41_78_792_0795 _