New Redhat

Robert S. Thau (
Wed, 3 Jun 1998 16:45:19 -0400 (EDT) writes:
> --============_-1315221529==_ma============
> Content-Type: text/plain; charset="us-ascii"
> > Turn up the Heat for Summer...Red Hat Linux 5.1 is here!
> >
> > Red Hat Software, Inc., announced today the June 1 release of Red Hat
> >Linux 5.1, a powerful update that
> > includes enhanced installation features, as well as system configuring,
> >web caching, window management
> > features and an added value CD of applications for Linux.

Regrettably, several rather nasty security holes were reported almost
immediately; see the "RedHat errata update" entries from Monday and
Tuesday at

Before our friends from Microsoft get too cocky about this, I'll make
one point in mitigation: It's not fair to blame these particular
flaws on the open source development model, simply because RedHat
didn't develop this release in a really open way --- there was
actually some surprise on, e.g., Slashdot when the release date was
announced, because there had been no public betas, a break from
RedHat's previous practice. And when an open release *was* made (a
bit late, regrettably), the problems got diagnosed and fixed very


PS --- on the security tip, for more info on the flaws Bruce Schneier
found in Microsoft's PPTP implementation, there's a full technical
writeup on Schneier's own web site,, and it is, if
anything, worse than you'd guess from articles in the trade rags.

In effect, the key generation and exchange *protocols* are broken
badly enough that no interoperable implementation can be really