Re: package auditing in fedora

Jaigh Jaddo wrote:
> There are several reasons for this.
>
> 1. Clearly there can be vulnerabilities that have not been fixed yet
> or have been fixed and there has not been a package created yet. In
> this case I would assess my risk and disable the vulnerable service
> as needed.
>
> 2. I am running a large enterprise and cannot risk upgrading
> packages unless there is a clear reason to do so (i.e. Security
> vulnerability). Doing a global yum update is risky for the
> enterprise. It is fine at home.

With that in mind, I have a few other suggestions and comments.
Fedora may not be the most suitable OS for such a situation.  RHEL or
CentOS would seem like better candidates.  Perhaps you have a need for
newer software though.

You may want to check out the yum-security and yum-changelog plugins,
which may help you in determining which updates you want to apply.
You can also filter the fedora-package-announce list for security
related updates.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Every man should have a college education in order to show him how
little the thing is really worth.
    -- Elbert Hubbard (1856-1915), "A Message to Garcia"
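
One way to act on the suggestion above of filtering fedora-package-announce for security updates, as an added example that is not part of the original message. It assumes announcement subjects look like "[SECURITY] Fedora 8 Update: name-version-release" and that the installed set comes from `rpm -qa --qf '%{NAME} %{NAME}-%{VERSION}-%{RELEASE}\n'`; the function names and sample data are hypothetical.

```python
import re

# Assumed subject layout on fedora-package-announce (an assumption, not
# taken from the message): "[SECURITY] Fedora 8 Update: openssl-0.9.8b-17.fc8"
SUBJECT_RE = re.compile(
    r"^(?P<sec>\[SECURITY\]\s+)?Fedora\s+(?P<rel>\S+)\s+Update:\s+(?P<nvr>\S+)$"
)

def split_nvr(nvr):
    """Split name-version-release; the name itself may contain dashes."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def security_updates(subjects, installed, release):
    """Return (name, announced_nvr) for security announcements that touch
    an installed package on the given Fedora release.

    installed maps package name -> installed name-version-release.
    No version ordering is done: any announced build that differs from
    the installed one is reported as a candidate for manual review.
    """
    hits = []
    for subject in subjects:
        m = SUBJECT_RE.match(subject.strip())
        if not m or not m.group("sec") or m.group("rel") != release:
            continue  # not a security update for this release
        try:
            name, _, _ = split_nvr(m.group("nvr"))
        except ValueError:
            continue  # malformed package string, skip it
        if name in installed and installed[name] != m.group("nvr"):
            hits.append((name, m.group("nvr")))
    return hits

# Constructed sample data (package builds are made up for illustration).
SAMPLE_SUBJECTS = [
    "[SECURITY] Fedora 8 Update: openssl-0.9.8b-17.fc8",
    "Fedora 8 Update: gnome-games-2.20.3-1.fc8",
    "[SECURITY] Fedora 7 Update: openssl-0.9.8b-15.fc7",
    "[SECURITY] Fedora 8 Update: php-pear-1.6.2-2.fc8",
    "[SECURITY] Fedora 8 Update: cups-1.3.4-4.fc8",
]
SAMPLE_INSTALLED = {
    "openssl": "openssl-0.9.8b-16.fc8",
    "php-pear": "php-pear-1.6.2-2.fc8",
    "bash": "bash-3.2-20.fc8",
}

if __name__ == "__main__":
    for name, nvr in security_updates(SAMPLE_SUBJECTS, SAMPLE_INSTALLED, "8"):
        print(f"review: {name} -> {nvr}")
```

The reported packages can then be updated individually instead of running a global yum update.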
