On Fri, Nov 05, 2004 at 04:59:23PM +1100, O Plameras wrote: > > > When required it is applied to glibc. Again, priorites. > > With Solaries they warrant that their product will do > what they claim it will do. This is not the case with > Linux.
Is that necessarily true? I thought that RHEL offered some guarantees for example. Can anyone else supply details? However, Oscar: I am, for the sake of argument willing to accept your position that unnecessary features should be disabled in order to maximise security. I mean, I don't leave a crow-bar lying next to my car when I park it. But, what I'd like to know is: how do you manage to apply security patches to all of these machines that you administer? Do you go to each one and manually apply the patch and rebuild/reboot etc? If that is what you do, how do you mitigate the risk of leaving some servers unpatched whilst working on others to go through this rigorous process? I'm interested in this for not entirely academic reasons -- the patching game is one that every software developer plays at some point or another. I have my own approaches but I'm interested in hearing yours. Thanks, James. -- "Now, there are no problems only opportunities. However, this seemed to be an insurmountable opportunity." - http://www.surfare.net/~toolman/temp/diagram.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
