vulnerability of Linux
Steffen Kluge
kluge at fujitsu.com.au
Mon Nov 28 23:59:24 UTC 2005
On Sat, 2005-11-26 at 07:47 +0800, John Summerfied wrote:
> That is plain stupidity. It is worse than securing your system sensibly
> and applying _no_ updates.
Applying security fixes as they are released is part of securing a
system sensibly.
> If you blindly apply updates as they appear, you will get a broken
> system, nothing surer.
Doing anything blindly is not a good approach. However, I have yet to
break a system by following this rule:
  * On servers, which have a minimal set of packages installed (my
    servers are usually single-trick ponies), I run automatic
    updates.
  * On workstations (with loads of multimedia, end-user, and whatnot
    applications) I run yum daily to check for updates and then
    apply them manually after assessing the risk that mplayer might
    stop working, or something.
That said, I wish the yum metadata would contain information pointing
out security-related updates. One could then go and just apply security
fixes and their dependencies.
> If you run yum daily to keep the system up2date and something breaks,
> you will have no idea whether something changed, what changed or when.
Not true, /var/log/yum.log.
Cheers
Steffen.
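
Added example, not part of the original message: a sketch of how /var/log/yum.log can answer "what changed and when" after a breakage, by listing package events in the window before the failure. The log layout ("Mon DD HH:MM:SS Action: package"), the sample lines and the function names are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the "Mon DD HH:MM:SS Action: package" layout;
# package versions are made up. Note the log carries no year.
SAMPLE_LOG = """\
Nov 26 04:02:11 Updated: openssl.i386 1.0-1
Nov 27 04:02:37 Updated: httpd.i386 1.0-2
Nov 27 04:02:40 Installed: kernel.i686 1.0-3
Nov 28 09:15:02 Erased: mplayer
Nov 28 09:15:30 not a package event
"""

LINE_RE = re.compile(
    r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) (Installed|Updated|Erased): (.+)$")

def parse_line(line, now):
    """Return (when, action, package), or None for non-event lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp, action, package = m.groups()
    # Year is inferred: newest year that does not put the entry after `now`.
    for year in (now.year, now.year - 1):
        try:
            when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        except ValueError:      # e.g. Feb 29 in a non-leap year
            continue
        if when <= now:
            return when, action, package
    return None

def changes_before(log_text, broke_at, days=2):
    """Package events in the `days` before the breakage time `broke_at`."""
    start = broke_at - timedelta(days=days)
    events = (parse_line(l, broke_at) for l in log_text.splitlines())
    return [e for e in events if e and start <= e[0] <= broke_at]

if __name__ == "__main__":
    for when, action, pkg in changes_before(SAMPLE_LOG, datetime(2005, 11, 28, 12, 0)):
        print(when.isoformat(" "), action, pkg)
```

Because the year is inferred relative to the breakage time, the window should stay well under a year.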