“Wow! I seem to have made some people at Mandrake software a
little unhappy with last week’s comments (ya think!) Let me just
say that I have nothing against the Linux Mandrake distribution
itself — I think it’s ok. What I have a problem with is the way
Mandrake Software (the company) handles updates, security
announcements and a few other odds and ends.”
“It isn’t enough to build a finely engineered software product.
You also have to issue updates and in the case of an OS it is
critical that customers are told about security updates… This is
why I gave the Linux Mandrake distribution a “failing” grade. My
main two issues with Mandrake are the lack of a central, Mandrake
run ftp server (i.e something like updates.redhat.com). … The
other main issue I have is with the poor quality of their security
announcements. …”
“Anyways on with this weeks digest. The bad things this
week: WuFTPD and ISC’s DHCP client (both are very common) both have
remote root exploits. Not good. Also a nifty problem in vpopmail,
an extension for Qmail.”
“We lead off with general advisories and exploit code, then
vendor advisories. Most things are in alphabetical order. If we’re
missing a Linux vendor’s advisory please tell us, ditto for any
Linux related security alerts. The long strings of hex in front of
package names are MD5 signatures.”