> why is this something that trickles down so slow?
and i offer this, not as a rant response, but as factual as a
considered but not researched reply can be:
probably because the trickling down work is done by volunteers (and
probably by not enough to do it, check it, package it, release it any
faster)…
done by volunteers who have the right to decide they would rather (for
example) kiss their kids and read’em bed time stories tonight…and
work on packaging the updates for all the rest of us tomorrow, or next
week…
or, maybe the same team working on packing for your version decided
to finish the 11.2 package (released tomorrow) before they work on yours…
as far as i know (and i know i may be wrong) you can download direct
from SUN and (with the available documentation) patch your own system…
you could help yourself avoid the paranoia that way, and maybe in the
process become well enough acquainted and experienced with the entire
process to become a member of the team that does that for all of
us…and, thereby add hands to the process and speed the delivery to all…
on the other hand, if you are sufficiently paranoid you probably
should do it yourself anyway, to MAKE SURE no one slipped a back door
into the openSUSE version (assuming, of course, you actually trust SUN
to not be on the NSA/CIA/DIA/FBI/HS payrolls…)
i too have a tremendous admiration for those that contribute their time and experience to this community, it’s a thankless job with no upside, and my observation is not intended to negate their value.
since novell’s customer base is affected also, it does not seem that this type of issue is a concern for them either.
perhaps it’s not important that 11.2 will be exploitable out-of-the-box… after all, it’s free and there is no such thing as perfect software.
and yes, sun has basic rpm packages that one can use for updating.
11.2 is not out yet so you can’t say it’ll be vulnerable out of the box and I just got a Java update for 11.1 today so they’re rolling out the java updates now, albeit it’s only up for 1.5.x, I’m sure 1.6.x/openJDK will follow.
> That is to give the impression from the outside that this is exactly
> what has happened.
is a good strategy, but kinda difficult to pull off…
mine won’t answer ping, and nothing is ‘served’ and the first ~1000
ports are all ‘stealthed’/‘filtered’ yet, there are still things that
can be found to give away there is something there…i asked a friend
to port scan my IP and he returned:
------------------quote (some info redacted)---------------------
Starting Nmap 5.00 ( http://nmap.org ) at 2009-10-02 10:50 CEST
All 1000 scanned ports on [DELETED].dynamic.dsl.tele.dk (87.xx.xx.xxx)
are filtered. Too many fingerprints match this host to give specific
OS details.
OS and Service detection performed. Please report any incorrect
results at http://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 107.69 seconds
---------------------------end quote------------------------------
yes…they always have…the question is timing (how fast the SUN
updates get to the repos for distribution to you and others)…
as always if it is not fast enough for your needs, you have the option
to download direct from SUN…(something you can’t do if you are, for
example, using Redmond’s implementation…you can wait six
months…but, those folks are used to non-secure, huh?)
–
palladium
down up hours iso
692M 1.06G 30 11.2 GNOME LiveCD (64)
693M 748M 34 11.2 GNOME LiveCD (32)
4.3G 4.1G 39 11.2 DVD