[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ossig] Linux security patches - costs and features?

To: ossig@mncc.com.my
Subject: Re: [ossig] Linux security patches - costs and features?
From: Christopher DeMarco <cdemarco@fastmail.fm>
Date: Tue, 30 Sep 2003 10:50:14 +0800
In-reply-to: <3F78EA08.5090000@mimos.my>
References: <3F78EA08.5090000@mimos.my>
Reply-to: ossig@mncc.com.my
Sender: owner-ossig@mncc.com.my
User-agent: Mutt/1.4.1i

On Tue, Sep 30, 2003 at 10:27:20AM +0800, Imran William Smith wrote:

> So in terms of cost, from what I can see, Debian wins.  In terms
> of remote push of security updates, from what I know, Red Hat wins,
> but I'm not sure how the others work.

Debian issues security   updates pretty quickly.  Automation would  be
the same as with apt-for-rpm, so I'll touch on that in just a sec.

An option for Red  Hat (and indeed all RPM-based  distros) is apt  for
rpm - the downside is that you'll have to get your apt repository from
a  third party.   This isn't   a problem  for   Red  Hat Linux,  since
freshrpms.net has a very   nice apt repository.  The  freshrpms mirror
list  is    medium-sized,   but    I  question    the  longevity   and
sustainable-enthusiasm of the project  - it's great  now but who knows
in a  year?  That said, they're   very quick coming out  with security
updates;  they got me  my OpenSSH fix the  same  day CERT released the
advisory.

Automation with   apt is easy -  "apt-get  update; apt-get upgrade -y"
will  automagically upgrade your system,  suitable for cron jobs.  And
you can of course build your own local or specialized repository(-ies)
so  that users don't all  have to hit  the asiaosc mirror or whatever,
they  can pull their updates  from  the departmental server.  Or heck,
push the updates to the local host with  rsync <shrug> In any case apt
is (a)  fully automatable and (b)   pretty up-to-date with  Red Hat #9.
Oh, and it's free.

Finally,  lots of people  rave  about the   ease of maintaining  large
numbers  of Gentoo systems,    but I don't   know  how you feel  about
re-compiling source for every security update.

And   in   the interests of     exhaustive  completeness (he's *still*
talking!?!?)    diskless    clients    provide   the    ultimate    in
maintainability; push a patch to the server and BLAMMO!

-- 
% You are in a maze of twisty passages, all alike.
Christopher DeMarco
cdemarco@fastmail.fm
+6013 389 5658

------------------------------------------------------------
To unsubscribe: send mail to ossig-request@mncc.com.my
with "unsubscribe ossig" in the body of the message

Follow-Ups:
- Re: [ossig] Linux security patches - costs and features?
  - From: Colin Charles <byte@aeon.com.my>

References:
- [ossig] Linux security patches - costs and features?
  - From: Imran William Smith <iwsmith@mimos.my>

Prev by Date: Re: [ossig] Linux security patches - costs and features?
Next by Date: Re: [ossig] Linux security patches - costs and features?
Previous by thread: Re: [ossig] Linux security patches - costs and features?
Next by thread: Re: [ossig] Linux security patches - costs and features?
Index(es):
- Date
- Thread