package auditing in fedora

Todd Zullinger tmz at pobox.com
Fri Aug 3 19:57:11 UTC 2007


Jaigh Jaddo wrote:
> There are several reasons for this.
>
> 1. Clearly there can be vulnerabilities that have not been fixed yet
> or have been fixed and there has not been a package created yet. In
> this case I would assess my risk and disable the vulnerable service
> as needed.
>
> 2. I am running a large enterprise and cannot risk upgrading
> packages unless there is a clear reason to do so (i.e. Security
> vulnerability). Doing a global yum update is risky for the
> enterprise. It is fine at home.

With that in mind, I have a few other suggestions and comments.
Fedora may not be the most suitable OS for such a situation.  RHEL or
CentOS would seem like better candidates.  Perhaps you have a need for
newer software though.

You may want to check out the yum-security and yum-changelog plugins,
which may help you in determining which updates you want to apply.
You can also filter the fedora-package-announce list for
security-related updates.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Every man should have a college education in order to show him how
little the thing is really worth.
    -- Elbert Hubbard (1856-1915), "A Message to Garcia"
