Re: Downloading Critical Patch Updates without a Metalink account

From: DA Morgan <damorgan_at_psoug.org>
Date: Tue, 09 Jan 2007 08:57:59 -0800
Message-ID: <1168361877.467760@bubbleator.drizzle.com>

raesene wrote:
> Andy Hassall wrote:

>> On 8 Jan 2007 06:42:01 -0800, "raesene" <raesene_at_gmail.com> wrote:
>>
>>> One other thing I did notice from reading the license agreement.
>>>
>>> "We grant you a nonexclusive, nontransferable limited license to use
>>> the programs for: (a) purposes of developing, prototyping and running
>>> your applications for your own internal data processing operations;"
>>  Ah, that's the Oracle XE license, which does allow full production use (within
>> its CPU, RAM and data limits).
>>
>>  However, there aren't any patches for it, not even Critical Patch Updates,
>> which has been the subject of some discussion recently.
>>
>>  e.g. http://www.petefinnigan.com/weblog/archives/00000973.htm
>>
>>  XE is therefore open to many critical vulnerabilities. Search for "Hacking and
>> Hardening Oracle Express Edition" for examples.
>>

> Ah,
>
> Thanks for that, that explains what I was seeing in the license
> agreement I was reading. Worrying information that Oracle don't seem
> to be providing for security patches for XE.
>
>
> Regards
>
> Rory McCune
> rorym_at_mccune.org.uk

The question of security patches for XE came up a month or two ago and I email Mary Ann Davidson, Oracle's Chief Security Officer, about it to obtain a clarification. The thread disappeared from my newsreader so I never updated it with her response.

Essentially, as I understand it, Oracle plans to release new versions of XE rather than patches.

-- 
Daniel A. Morgan
University of Washington
damorgan_at_x.washington.edu
(replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org

Received on Tue Jan 09 2007 - 10:57:59 CST