CentOS - Jan 2009 - Update to Centos 5 anaconda kickstart %post bug?

Is there a process for finding status updates to open bugs within
Centos?  The particular bug I am talking about is 0002329
http://bugs.centos.org/view.php?id=2329.  This was assigned on
01-20-2008 and, as far as I can tell, there's been no action other than
it being acknowledged.  I've also searched upstream with RHEL and FC and
I cannot seem to find a bug report there though complaints of the
problem can be found through searching the web.

I do see the manual fix for it and will be testing that shortly.  I am,
however, dealing with a fairly rigid internal legal department that may
not welcome a "fix" that's not "official".  So I have
two questions:

1) Is there an "official" or "accepted" way to inquire about
the status
of an open bug?
2) With regard to bug 0002329 is this something that has to be fixed
upstream so it filters down to centos?

Thank you!
 
Eucke

on 1-8-2009 1:28 PM Warren, Eucke spake the following:
> Is there a process for finding status updates to open bugs within
> Centos?  The particular bug I am talking about is 0002329
> http://bugs.centos.org/view.php?id=2329.  This was assigned on
> 01-20-2008 and, as far as I can tell, there's been no action other than
> it being acknowledged.  I've also searched upstream with RHEL and FC
and
> I cannot seem to find a bug report there though complaints of the
> problem can be found through searching the web.
> 
> I do see the manual fix for it and will be testing that shortly.  I am,
> however, dealing with a fairly rigid internal legal department that may
> not welcome a "fix" that's not "official".  So I
have two questions:
> 
> 1) Is there an "official" or "accepted" way to inquire
about the status
> of an open bug?
> 2) With regard to bug 0002329 is this something that has to be fixed
> upstream so it filters down to centos?
> 
> Thank you!
>  
> Eucke
The bug page gives you the status. It was assigned (to Karanbir), and he
ack'ed it. If it was fixed, it would be resolved. It shouldn't be that
hard to
apply the fix manually and your legal department is too rigid if they are that
picky about a fix to "free" software. I can see if they were paying
contract
support on it.

If Karanbir thinks it merits an upstream bug report, I'm almost sure he
might
do that, if the original bug poster doesn't. It "might" be fixed
by the time
5.3 comes out, but do you want to wait?



-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20090108/7e2af127/attachment-0004.sig>

Scott Silva wrote:
> The bug page gives you the status. It was assigned (to Karanbir), and
he ack'ed it. If it was fixed, it would 
> be resolved. It shouldn't be that hard to apply the fix manually and
your legal department is too rigid if they 
> are that picky about a fix to "free" software. I can see if they
were
paying contract support on it.

I appreciate the response.  If you recall I did post the link so it's a
safe assumption that I read the page and understood it's content.  What
I'm after is whether there's any other information channel that might
not be so obvious for seeing if there might be action coming up for an
particular issue.  Being in a highly regulated industry the legal
department has a tough job.  I work within the guidelines they set.
> If Karanbir thinks it merits an upstream bug report, I'm almost sure
he might do that, if the original bug 
> poster doesn't. It "might" be fixed by the time
> 5.3 comes out, but do you want to wait?
I am restricted to 5.1 as approved by legal.  5.2 is not approved so 5.3
isn't an option either.  Once I can sort out whether something
"official" will fix this I can then determine how to pursue this
internally.  A workaround fix does not address that the kickstart-built
system will still contain this bug as it will be built from RPM's that
are not fixed.



Eucke

Warren, Eucke wrote:
> I do see the manual fix for it and will be testing that
> shortly.  I am,
> however, dealing with a fairly rigid internal legal
> department that may
> not welcome a "fix" that's not
> "official".  So I have two questions:
> 
> 1) Is there an "official" or "accepted"
> way to inquire about the status
> of an open bug?
> 2) With regard to bug 0002329 is this something that has to
> be fixed
> upstream so it filters down to centos?
> 
What company is this that doesn't wan't to pay for a support 
contract for RHEL but insists on using CentOS but requires 
"official fixes" only?

1. Can you name and shame this comapany it will make good reading 
on teh web.
2. Consider paying for RHEL so that you can actually get 
"official support" and can raise support tickets.
3. You probably don't understand what CentOS is or who is supposed 
to use it.


Regards, 
Vandaman.
-------------------------------------------------------
Report another spam?
Your average reporting time is: 3 hours; Great! 
---- ---- ---- ---- ----
noob detector -> 15 noobs top-posting.

On Jan 8, 2009, at 6:35 PM, "Warren, Eucke" <EWarren at wms.com>
wrote:
> Lanny Marcus Wrote:
>> Does that mean that your Legal Department does not permit you  to
> upgrade your box, to get the latest packages,
>> issued for Security & Stability reasons? 5.1, as you are well
aware,
> is not the latest and greatest.
>
> That is correct.  What they approve is based on the contents of the  
> DVD
> or CD for a particular version at the time of initial release.  The
> governmental regulatory framework in which we work is what drives the
> requirements.  I am well aware that 5.1 is not the latest, greatest,
> current or anything else of that matter.
Is your legal group aware that your company/agency has opened itself  
up to the risks of litigation in the event any customer or emloyee  
information is stolen due to negligent security practices?

Failure to apply the provided security patches for an OS is considered  
negligent.

This applies to internal security breaches as well as external.

I seriously doubt your legal group understands the regulatory issues  
properly.

-Ross

I appreciate the input on this question from those who have made
suggestions.  As the unofficial "fix" for %post does not change the
target build (as the anaconda rpms are untouched) I will move in that
direction.  Those of you speculating will have to accept that there is
much I cannot share and much of which you do not know about the systems
and target environment. To suggest a "shaming" only makes the Centos
community look bad as it would be done so without understanding the
entire environment and situation.  Thank you.


Eucke