[CentOS] problem i didn't seeing list file new on centos
hi i have two server *CentOS 6.5* and *CentOS 5.9 * i have one *SAN Storage* on both servers but when i create file one of server (example Centos 6.5) Other Sever (Centos 5.9) do not see file and i must *umount* Disk to seeing files new how solve this problem format disk *EXT3* Tnx ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] problem i didn't seeing list file new on centos
On 6/18/2016 12:09 AM, alireza baghery wrote: i have two server *CentOS 6.5* and *CentOS 5.9 * i have one*SAN Storage* on both servers but when i create file one of server (example Centos 6.5) Other Sever (Centos 5.9) do not see file and i must*umount* Disk to seeing files new how solve this problem format disk *EXT3* you can't share SAN block storage like that, unless its some special sharable cluster file system (ex*fs is not!). Frankly, I'm really surprised you haven't corrupted this file system already. You want NAS, not SAN for this.Use NFS for sharing files between multiple Linux/Unix systems. -- john r pierce, recycling bits in santa cruz ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum "Requires" yum-plugin-fastestmirror; why?
On 17/06/16 20:04, Warren Young wrote: In another recent thread,[1] someone was having trouble with the yum-plugin-fastestmirror feature, so I suggested he remove it, since it’s just a plugin and should therefore be optional. He reported that it couldn’t be removed due to package dependencies. I investigated further and found that this also affects CentOS 5.11 and CentOS 7.2. (The OP is on CentOS 6.8.) So, I reported it as a bug upstream, and they claim their yum package doesn’t do that, so they’re bouncing the problem back downstream. I checked, and they’re right insofar as CentOS’s current C7 yum.spec file has this on line 118: Requires: yum-plugin-fastestmirror I then tried to go get the RHEL SRPM for yum to compare its spec file to C7’s, but their download site just refers visitors to git.centos.org, and the yum repo there doesn’t seem to have an upstream RHEL7 branch. So, I started poking around in the yum.spec file history, and indeed, the oldest yum.spec file on the c7 branch doesn’t have that Requires line! It was introduced in checkin f1c1b982, which claims all it does is “debrand yum-3.4.3-132.el7”.[2] I realize it is in the CentOS project’s best interest if users always use the fastest mirror when downloading, but I claim that it is a bug to mark any plugin as Requires, particularly when upstream does not. Correct, the fastestmirror plugin is a requirement on CentOS (and Scientific Linux) but is not on RHEL. It was originally discussed here: https://lists.centos.org/pipermail/centos-devel/2008-June/002864.html Personally, I'm firmly in favour of having fastestmirror plugin as a dependency in yum as it will benefit the vast majority of people IMHO. Plus it is easily disabled for those who disagree. The very fact it's taken 8 years for anyone to notice/comment kind of supports this point of view. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum "Requires" yum-plugin-fastestmirror; why?
On 18.06.2016 12:39, Ned Slider wrote: On 17/06/16 20:04, Warren Young wrote: In another recent thread,[1] someone was having trouble with the yum-plugin-fastestmirror feature, so I suggested he remove it, since it’s just a plugin and should therefore be optional. He reported that it couldn’t be removed due to package dependencies. I investigated further and found that this also affects CentOS 5.11 and CentOS 7.2. (The OP is on CentOS 6.8.) So, I reported it as a bug upstream, and they claim their yum package doesn’t do that, so they’re bouncing the problem back downstream. I checked, and they’re right insofar as CentOS’s current C7 yum.spec file has this on line 118: Requires: yum-plugin-fastestmirror I then tried to go get the RHEL SRPM for yum to compare its spec file to C7’s, but their download site just refers visitors to git.centos.org, and the yum repo there doesn’t seem to have an upstream RHEL7 branch. So, I started poking around in the yum.spec file history, and indeed, the oldest yum.spec file on the c7 branch doesn’t have that Requires line! It was introduced in checkin f1c1b982, which claims all it does is “debrand yum-3.4.3-132.el7”.[2] I realize it is in the CentOS project’s best interest if users always use the fastest mirror when downloading, but I claim that it is a bug to mark any plugin as Requires, particularly when upstream does not. Correct, the fastestmirror plugin is a requirement on CentOS (and Scientific Linux) but is not on RHEL. It was originally discussed here: https://lists.centos.org/pipermail/centos-devel/2008-June/002864.html Personally, I'm firmly in favour of having fastestmirror plugin as a dependency in yum as it will benefit the vast majority of people IMHO. Plus it is easily disabled for those who disagree. yes but why is it not possible to have really the fastest mirrors? I'm from Europe, and with or without this plugin there are only hosts from other continents are contacted ... and that there would be no host in Europe is definitely wrong ... as it seems, the configureable parameters in /etc/yum/pluginconf.d/fastestmirror.conf have never been tested before ... because exclude=.edu,.com,.org include_only=\.at$,\.ch$,\.de$,\.nl$,\.uk$ gives this: Determining fastest mirrors * base: mirror.keystealth.org * epel: mirror.math.princeton.edu * extras: mirror.keystealth.org * updates: mirror.keystealth.org why not mirror.nextlayer.at or mirror.inode.at? so the question where can I really take influence which mirrors are used? or just how is "fastest" defined? Thanks, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https and self signed
On Fri, 2016-06-17 at 15:56 +0100, Michael H wrote: > On 17/06/16 15:46, James B. Byrne wrote: > > > > We operate a private CA for our domain and have since 2005. We > > maintain a public CRL strictly in accordance with our CPS and have our > > own OID assigned. Our CPS and CRL together with our active, expired > > and revoked certificate inventory is available online at > > ca.harte-lyne.ca. Our CPS states that we will only issue certificates > > for our own domain and furthermore we only issue them for equipment > > and personnel under our direct control. > https://harte-lyne.ca/ > > net::ERR_CERT_AUTHORITY_INVALID Your connection is not secure The owner of harte-lyne.ca has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. -- Regards, Paul. England, EU. England's place is in the European Union. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS Virtual Machine System Time
We run several CentOS 6 and CentOS 7 systems as virtual machines using VirtualBox on Windows 7. Most of these systems have continuous up time. The Windows 7 foundation platforms have no difficulty keeping accurate system time unless they are shut down for some reason, which is rare in our environment. We generally restart the Windows 7 machines at leastweekly rather than performing a complete power up restart. The CentOS virtual machines are shut down at times, usually to switch between versions that support various applications and for updates using yum. When the virtual CentOS systems are brought up, the system time always matches the Windows 7 host system time. We have recently noticed that after several hours, the CentOS system time has started to lag behind. The time difference in a week can be as much as four days. This system time lag has not always been immediately discovered by the user resulting in some annoying file date issues. Access to some web sites have also been a problem due to the "date in the future" issue. We are now on the lookout for this system time problem and restart the virtual machine to set the current date and time. Is this a common time problem when running CentOS as a virtual machine? Any suggestions regarding the cause if this problem and how to keep the CentOS system time locked to the host platform time would be greatly appreciated. Thanks. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https and self signed
On Sat, June 18, 2016 7:52 am, Always Learning wrote: > > On Fri, 2016-06-17 at 15:56 +0100, Michael H wrote: > >> On 17/06/16 15:46, James B. Byrne wrote: > >> > >> > We operate a private CA for our domain and have since 2005. We >> > maintain a public CRL strictly in accordance with our CPS and have our >> > own OID assigned. Our CPS and CRL together with our active, expired >> > and revoked certificate inventory is available online at >> > ca.harte-lyne.ca. Our CPS states that we will only issue certificates >> > for our own domain and furthermore we only issue them for equipment >> > and personnel under our direct control. > > >> https://harte-lyne.ca/ >> >> net::ERR_CERT_AUTHORITY_INVALID > > Your connection is not secure > > The owner of harte-lyne.ca has configured their website improperly. To > protect your information from being stolen, Firefox has not connected to > this website. > You too huh? Did you, guys read what the owner of that domain wrote? I would suggest to go back to his post, and read the whole piece he wrote, not just the paragraph you left quoted here. It is instructive. And he definitely is qualifies to run Certification Authority. And can teach how to do it. That is what he did in his post. Valeri Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https and self signed
On 18.06.2016 03:41, Gordon Messmer wrote: On 06/17/2016 07:56 AM, James B. Byrne wrote: On Thu, June 16, 2016 14:09, Gordon Messmer wrote: I doubt that most users check the dates on SSL certificates, unless they are familiar enough with TLS to understand that a shorter validity period is better for security. What evidence do you possess that supports this assertion and would you care to share it with us? https://letsencrypt.org/2015/11/09/why-90-days.html "29% of TLS transactions use ninety-day certificates." could this statement be a little bit more precise ... or another thought, if every website contained this: https://www.track.org/track.png?id=75r75fbbf75hfn";> and the host 'www.track.org' used a 90day throw-away certificate then the statement wouldn't say anything, because nobody said, if it was in connection with explicit wanted TLS transactions ... ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https and self signed
On Sat, 2016-06-18 at 08:20 -0500, Valeri Galtsev wrote: > On Sat, June 18, 2016 7:52 am, Always Learning wrote: > > > > Your connection is not secure > > > > The owner of harte-lyne.ca has configured their website improperly. To > > protect your information from being stolen, Firefox has not connected to > > this website. > You too huh? No ! I get the similar 'Firefox version dependent' message when a new machine logs-on to a secure web site, on a non-standard port with Internet access restricted to designated individual IPs. Instead of paying money for a "proper" certificate to access sensitive restricted applications on the Internet, I make the certificates - that is the beauty of being non-Wondoze and using Centos. ;-) -- Regards, Paul. England, EU. England's place is in the European Union. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS Virtual Machine System Time
On 18.06.2016 14:54, Chris Olson wrote: We run several CentOS 6 and CentOS 7 systems as virtual machines using VirtualBox on Windows 7. a similar setup as mine; I use VMware; have you installed and configured ntp? does virtualbox provide some package for Linux, that optimizes the usage as virtual machine guest? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS Virtual Machine System Time
Is this a common time problem when running CentOS as a virtual machine? Any suggestions regarding the cause if this problem and how to keep the CentOS system time locked to the host platform time would be greatly appreciated. Thanks. Have you installed VBox Guest Additions? These will sync guest time with the host. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] problem i didn't seeing list file new on centos
On Sat, 2016-06-18 at 11:39 +0430, alireza baghery wrote: > hi > i have two server *CentOS 6.5* and > *CentOS 5.9 * You may wish to update your Centos to the latest versions:- Centos 5.11 Centos 6.8 -- Regards, Paul. England, EU. England's place is in the European Union. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum timeout ... (CentOS 6.8)
On 16.06.2016 22:12, Warren Young wrote: On Jun 16, 2016, at 1:04 PM, Walter H. wrote: You can just remove the plugin: yum remove yum-fastestmirror not really [root@host /]# yum remove yum-fastestmirror ... Error: Trying to remove "yum", which is protected That’s annoying. I’ve filed a bug for that upstream: https://bugzilla.redhat.com/show_bug.cgi?id=1347426 I found out some crazy things my setup is private IPv4 behind a NAT-Router (192.168.1.0/24) and as my ISP is still IPv4only I have a IPv6 tunnel (Hurricane Electric) the other end of the tunnel is not in US, it is in Germany(!) any access with port 80 or 443 is blocked except from proxy; and I did the following on squid: tcp_outgoing_address 192.168.1.10 linux-hosts and now after 'yum clean all', I get this when 'yum list kernel' [root@host /]# yum list kernel Loaded plugins: fastestmirror Determining fastest mirrors * base: mirror.inode.at * extras: mirror.inode.at * updates: mirror.inode.at ... and this is what I except ... and the following settings in /etc/yum/pluginconf.d/fastestmirror.conf exclude=.edu,.com,.org include_only=\.at$,\.ch$,\.de$,\.nl$,\.uk$ are placebo, they don't work; because without the "hack setting" in squid, which in fact disables IPv6 for the linux-hosts(!) these two settings result in Determining fastest mirrors * base: mirror.keystealth.org * epel: mirror.math.princeton.edu * extras: mirror.keystealth.org * updates: mirror.keystealth.org Greetings, Walter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Centos update 6.8 to 7
I downloaded Centos 7 and i want to update from local usb i created using dd if=cenots7 of=/dev/sdc i dont want to reinstall, i need just to update.What would be the best way to do so pleaseThanks muchBachir ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https and self signed
On Fri, June 17, 2016 11:06, Walter H. wrote: > On 17.06.2016 16:46, James B. Byrne wrote: >> On Thu, June 16, 2016 13:53, Walter H. wrote: >>> On 15.06.2016 16:17, Warren Young wrote: but it also affects the other public CAs: you canât get a publicly-trusted cert for a machine without a publicly-recognized and -visible domain name. For that, you still need to use self-signed certs or certs signed by a private CA. >>> A private CA is the same as self signed; >>> >> No it is not. A private CA is as trustworthy as the organisation >> that >> operates it. No more and not one bit less. >> >> We operate a private CA for our domain and have since 2005. We >> maintain a public CRL strictly in accordance with our CPS and have >> our >> own OID assigned. > for your understanding: every root CA certificate is self signed; > any SSL certificate that was signed by a CA not delivered as built-in > token in a browser is the same as self-signed; > > > For your understanding, a self-signed certificate is one that has been signed by itself. Naturally ALL root certificates are self-signed. The self-signed root cert is then used to sign a subordinate CA issuing cert and that issuing cert is used to sign other subordinate CAs and / or end-user certs depending upon the permissions given it by the original signing certificate. This establishes the certificate trust chain. If website presents an actual self-signed cert to Firefox for example, it will refuse it. I suppose there is a way to circumvent this behaviour but I am not aware of it. If you present a certificate that is not self-signed but is signed by an authority whose root certificate chain is not in the trusted root store then Firefox gives you a warning -- as given in a preceding message 'net::ERR_CERT_AUTHORITY_INVALID' -- but it none-the-less allows you to accept the certificate as an exception and proceed to the website. If you do not want to get warnings and you trust the issuer then you can add their issuing CA cert chain to your trusted root certificate store. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [Fwd: Re: https and self signed]
On Fri, June 17, 2016 13:08, Valeri Galtsev wrote: > > We do not expire accounts until the person leaves the Department > and grace period passes. Then we do lock account and after some > time person's files are being deleted. This is the policy, and > this is what we do. The only time when account expiration is being > set is for undergraduate students who temporarily work with some > professor. For them expiration is being changed when the continue > to work with the professor next academic year. > > Is this not what everybody does? > Every end-user account, including my own, is given an expiry date six to twelve months in the future and that is extended at intervals as needed. The only exception to this are the root users which have no expiry date set. A forgotten and disused user account that retains access to your system is a significant risk in my opinion. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https and self signed
On 06/18/2016 02:49 PM, James B. Byrne wrote: On Fri, June 17, 2016 21:40, Gordon Messmer wrote: https://letsencrypt.org/2015/11/09/why-90-days.html With respect citing another person's or people's opinion in support of your own is not evidence in the sense I understand the word to mean. I'm not interested in turning this in to a discussion on epistemology. This is based on the experience (the evidence) of some of the world's foremost experts in the field (Akamai, Cisco, EFF, Mozilla, etc). The assertion expressed in the link given above that 90-day certificate lives will serve to increase certificate renewal automation is at best a pious hope. You are ignoring the fact that the tool used to acquire letsencrypt certificates automates the entire process. They're not merely hoping that users will automate the process, they're automating it on behalf of users. They've done everything but schedule it for their users. One that is unlikely to be realised in my opinion for the simple reason that automated and therefore mostly unobserved security systems are a primary target for tampering. For someone who wants "evidence" you make a lot of unsupported assertions. You do see the irony, don't you? Likewise the authors' opinion that pki certificates are in general just casually left laying around to be compromised displays a certain level of what reasonably could be considered elitist contempt for the average human's intelligence. Or, you know, a review of actual security problems in the real world. Even as arguments I find these two positions are less than compelling. And in no respect could either opinion be considered evidence. That's fine. I don't really need to convince you, personally, of anything. But for the security of the internet community in general, I'll continue to advocate for secure practices, including pervasive security (which means reducing barriers to the use of encryption at all points along the process of setup). ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [Fwd: Re: https and self signed]
On Sat, June 18, 2016 5:20 pm, James B. Byrne wrote: > > On Fri, June 17, 2016 13:08, Valeri Galtsev wrote: > >> >> We do not expire accounts until the person leaves the Department >> and grace period passes. Then we do lock account and after some >> time person's files are being deleted. This is the policy, and >> this is what we do. The only time when account expiration is being >> set is for undergraduate students who temporarily work with some >> professor. For them expiration is being changed when the continue >> to work with the professor next academic year. >> >> Is this not what everybody does? >> > > Every end-user account, including my own, is given an expiry date six > to twelve months in the future and that is extended at intervals as > needed. The only exception to this are the root users which have no > expiry date set. > > A forgotten and disused user account that retains access to your > system is a significant risk in my opinion. I run [multi-user] systems under assumptions that bad guy is already inside. Two (or so) incidents when bad guys tried to elevate privileges (unsuccessfully) I probably mentioned already were from accounts of users that still were in the Department at those moments. Not from accounts that shouldn't be in the system already. Probably because though our policies differ from yours, we still do not have users whose accounts should be closed - they indeed had been closed. Most of the servers I run do not allow remote root login (I'm simplifying, things are a bit more sophisticated here, which I prefer not to describe: information is first step in long process of compromising your machine). Now with no root login, imagine one or all regular accounts who _can_ su onto root just expired. Have you ever locked yourself out with firewall? Remember: when enabling firewall changes we always were leaving at task some 10 min in a future that reverts all changes and restarts firewall - just in case you locked your out by these changes. We always do that, right? Only when you are locked off your machine because of expired regular user (the only one who can su into root account) nothing saves your day: you will need a warm body in your server room with the ability to become root to extend that your account. Or you have some other plan for the scenario I described? What is it, I'm really curious. Valeri Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https and self signed
On Sat, 2016-06-18 at 15:39 -0700, Gordon Messmer wrote: > I'm not interested in turning this in to a discussion on epistemology. > This is based on the experience (the evidence) of some of the world's > foremost experts in the field (Akamai, Cisco, EFF, Mozilla, etc). The same Mozilla Foundation that got USD 50 million from Google some years ago and the same Mozilla Foundation that automatically sends URLs to Google (the world's biggest spying operation) - questionable safety credentials that security conscious administrators might not implicitly trust. I support a DNS record solution for certificate authenticity. -- Regards, Paul. England, EU. England's place is in the European Union. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https and self signed
On Sat, June 18, 2016 6:50 pm, Always Learning wrote: > > On Sat, 2016-06-18 at 15:39 -0700, Gordon Messmer wrote: > >> I'm not interested in turning this in to a discussion on epistemology. >> This is based on the experience (the evidence) of some of the world's >> foremost experts in the field (Akamai, Cisco, EFF, Mozilla, etc). > > The same Mozilla Foundation that got USD 50 million from Google some > years ago and the same Mozilla Foundation that automatically sends URLs > to Google (the world's biggest spying operation) - questionable safety > credentials that security conscious administrators might not implicitly > trust. Which browser do you use? I still am in a process of finding replacement for Firefox (the closest is midori, it doesn't fully fill the bill for me though). With this opinion about Mozilla Foundation you definitely are not using their Firefox and Thunderbird, right? I have one more constraint: I need to use it under FreeBSD (these are my laptop and workstation), so I probably have to be able to build it myself (as, if it is in FreeBSD ports/packages, I likely already tried it...). Thanks. Valeri > > I support a DNS record solution for certificate authenticity. > > > -- > Regards, > > Paul. > England, EU. England's place is in the European Union. > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos update 6.8 to 7
On Jun 18, 2016, at 5:50 PM, Bachir Bachir wrote: > I downloaded Centos 7 and i want to update from local usb i created using dd > if=cenots7 of=/dev/sdc i dont want to reinstall, i need just to update.What > would be the best way to do so pleaseThanks muchBachir There is no supported mechanism for upgrading from CentOS6 to CentOS7. The unsupported ways of doing it can leave you system broken. Better to just back up your data and reload with the CentOS7 media. -- Jonathan Billings ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https and self signed
On Sat, 2016-06-18 at 19:49 -0500, Valeri Galtsev wrote: > Which browser do you use? I still am in a process of finding replacement > for Firefox (the closest is midori, it doesn't fully fill the bill for me > though). There is a Mozilla folk called Palemoon by some Europeans (Sweeds, I think) http://palemoon.org I have not tried it. Finding a suitable browser is difficult. I hate the spying and privacy-breaching tactics of once-impressive free browsers. To use Firefox with all the spyware/privacy-breaching disabled takes time and effort then the administration of Asus routers does not work because of something bad in their Java scripts which, despite the allegation of being Linux based, has Wondoze type .asp web pages. Just want an easy life where everything works smoothly. -- Regards, Paul. England, EU. England's place is in the European Union. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Pulling in broadwell support for cent6u5
On 16/06/16 13:18, Johnny Hughes wrote: .. the actual definition of a 'CRITICAL' update from Red Hat's perspective is: "This rating is given to flaws that could be easily*exploited by a remote unauthenticated attacker and lead to system compromise (arbitrary code execution) without requiring user interaction*. These are the types of vulnerabilities that can be exploited by worms. Flaws that require an authenticated remote user, a local user, or an unlikely configuration are not classed as Critical impact." Taken from: https://access.redhat.com/security/updates/classification I think it's time to add a another link to the mailman suffix. That bold section should scare anyone storing public data on their servers without keeping up with security updates whether critical or not! I'd say that whole paragraph needs to be added to the Wiki somewhere and the email suffix modified to include a link to it. This would give us a place to point people to - such as - *S**ee link at bottom of signature, you *. ak. PS: Here's what my suggestion might look like: -- CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Latest CentOS Release - 7.v.wxyz - https://wiki.centos.org/read-this-if-centos-version-not-at-7.v.wxyz And just as Johnny said - but what the heck do I know? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
