Re: vulnerability of Linux


 



Steffen Kluge wrote:
On Sat, 2005-11-26 at 07:47 +0800, John Summerfied wrote:

That is plain stupidity. It is worse than securing your system sensibly and applying _no_ updates.


Applying security fixes as they are released is part of securing a
system sensibly.

Look at what they fix; not all security updates, even when they hit packages on one of my systems, matter.




If you blindly apply updates as they appear, you will get a broken system, nothing surer.


Doing anything blindly is not a good approach. However, I have yet to
break a system by following this rule:

      * On servers, which have a minimal set of packages installed (my
        servers are usually single-trick ponies), I run automatic
        updates.
      * On workstations (with loads of multimedia, end-user, and whatnot
        applications) I run yum daily to check for updates and then
        apply them manually after assessing the risk that mplayer might
        stop working, or something.

However, your chances of breaking a system are quite good.

FC5 beta 1 installed a kernel on my laptop that does not boot. While this is a beta and all bets are off, it's perfectly possible that the same thing could happen in released versions of Fedora Core. Fedora Core 3 has had several new upstream kernel releases, and KDE has been upgraded from 3.3 to 3.4.

3.4 reliably SYSSEGVs on me on two platforms; I've probably not exercised the right circumstances on FC to find whether we have the problem too.



That said, I wish the yum metadata would contain information pointing
out security related updates. One could then go and just apply security
fixes and their dependencies.


If you run yum daily to keep the system up2date and something breaks, you will have no idea whether something changed, what changed or when.


Not true, /var/log/yum.log.

It is very hard to read that when your system won't boot. That aside, users' most likely reaction when something breaks and they're asked, "What changed?" is, "I didn't change anything."

Even mailing the log won't happen if it's your mail server that's down.


--

Cheers
John

Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/

do not reply off-list

