On Fri, Mar 12, 2010 at 8:36 AM, Mike DeMarco <mikej...@yahoo.com> wrote: >> everything else on the SAN. Don't forget to minimize >> and harden the >> build as much as possible before you patch, and patch >> (including >> firmware) before you let users of any type on it. > > Can you explain the logic behind minimize and harden before you patch? I have > always fully patched them JASS then minimize.
Hardening should always be verified after patching. Solaris patches quite commonly whack hardening applied to sendmail. > I would think that if I minimized first it would save some time patching but > that something could get missed in the patch install. Something like if one > package is not installed a patch to a library that is used by another > packages could get missed. If your minimization is such that patching breaks, the order doesn't matter. At some point x months or years in the future you will need to patch again. Don't minimize to the point that patching breaks. -- Mike Gerdts http://mgerdts.blogspot.com/ _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org