[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why no security update of apache2 concerning SSLv3?

On Thursday 12 March 2015 15:15:31 Brian wrote:
> On Thu 12 Mar 2015 at 11:01:00 -0400, Gene Heskett wrote:
> > On Thursday 12 March 2015 10:45:59 Darac Marjal wrote:
> > > On Thu, Mar 12, 2015 at 09:07:12AM -0400, Gene Heskett wrote:
> >
> > [...]
> >
> > > > Considering that I _am_ running an apache server here, AND it
> > > > faces the world, this lack of a fix for POODLE, seems to be a
> > > > serious lack on the part of the apache people for not pushing a
> > > > fix, with lots of noise, or if its available, a fairly serious
> > > > screw you attitude on the part of the debian folks in control of
> > > > that.  Strong language maybe, but it needs to be said.
> > >
> > > Hang on. If you're aware of POODLE and you've not taken steps to
> > > mitigate it, aren't you the one at fault? I mean, yes, debian
> > > could put out a patch which changes the default settings but this
> > > probably won't affect vservers, or other configuration files
> > > stashed about the place.
> >
> > The info on how to do that has not exactly been front page news in
> > my local fishwrap.
>
> Considering that you are running an apache server, AND it faces the
> world, this lack of publicity about a fix for your machine seems to be
> a serious lack on the part of the local rag for not publishing it with
> lots of noise. Its management needs a good talking to.

Chuckle, its a weekly, run by a fellow even older than I.  I think he 
does the papers composition on a mac.  So he wouldn't care about linux.
I don't fuss at him too often as he really does go out of his way on the 
editorial page to present both sides of an issue unless its our 
constitution.  He has hissy fits over the constant nibbling away of our 
rights by TPTB.  He has owned this paper for about 28 years, but the 
papers history goes back well over 100 years as a continuously published 
weekly paper. One of the oldest in the country, if not THE oldest.

> Alternatively, (and this is far more likely), it looks like a fairly
> serious bit of cocking up on the part of whoever administers your
> machines.

That would be me, darnit.  In this town of nominally 7000, I am probably 
the top linux promoter.  Maybe even the only one.

> You should have words with them about keeping on top of 
> security issues.
>
I am giving myself hell for not doing a bit more googling as I type 
this. :(

> Strong language maybe, but it needs to be said.

Whats the word, Touche`? ;-)

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
Reply to: