Woah there fella.
I am gonna have to stick up for Dave here.
He said if he 'wanted' to compile things he would run Fedora. He did not
say he could not.
If Apple want's to repackage open source applications and package them as
part of their server OS they should take responsibility for those
applications; that is why people pay Apple instead of running Fedora or
freeBSD.
It is an issue that Apple, with more than enough time to do so, has
elected to not patch their client or server products.
Charles Profitt
Sr. Network Technician
BrainBench Certified - (Master)Microsoft Security | (Master)Storage Area
Networks Concepts | (Master)Microsoft Vista Desktop Administration |
(Master)Macintosh OS X 10.4 Desktop Administration
75 Barker Road
Pittsford, NY 14534
Important Notice:
This communication, including any attachments, is intended only for the
use of the individual(s) or entity(s) to which it is addressed and may
contain information that is privileged, confidential and exempt from
disclosure under applicable law. If the reader of this communication is
not the intended recipient, you are hereby notified that any
dissemination, distribution or reproduction of any part of this
communication in any format is strictly prohibited. If you have received
this communication in error, please notify us immediately by replying to
this communication and deleting the original and any automatically
generated copies. Thank-you for your co-operation.
Jaime Magiera <email@hidden>
Sent by:
macos-x-server-bounces+chas_profitt=email@hidden
07/25/2008 01:20 PM
To
OS X server list <email@hidden>
cc
Subject
Re: US-CERT Vulnerability Note VU#800113
On Jul 25, 2008, at 11:44 AM, Dave Pooser wrote:
>
> I just cancelled plans to order two more Xserves for Internet-facing
> applications, and am ordering two Dell 2950s instead, with plans to
> replace
> Mac OS X Server with Red Hat Enterprise in any location that faces the
> Internet. Apple's track record of not updating their open-source
> components
> is bad enough, but when they can't be bothered to fix a security
> hole TWO
> WEEKS after the source code complete with fixes is publicly
> available--
> well, that's flat unacceptable. I'll still use Xserves for AFP and OD
> masters, but Apple's current ostrich attitude is a demonstration
> that it's
> foolish to trust their products outside the firewall. IMHO, of course.
> --
> Dave Pooser, ACSA
> Manager of Information Services
> Alford Media http://www.alfordmedia.com
Dave,
No offense man, but that's a cop-out. Your title says "Apple Certified
Server Administrator". If you can't update to the latest version of
BIND on your box, then those credentials are suspect. Most of these
components can be updated in the system without breaking anything
else. Apple balances fixes with several other factors (amount of
updates, verifiable patches, etc.). Yes, they could be a bit more
responsive in terms of it. Any company can and should be. You should
bring it to their attention, instead of bailing.
Jaime Magiera
Sensory Research
http://www.sensoryresearch.net
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
This email sent to email@hidden
