
Re: [ossig] Linux security patches - costs and features?



Points taken.  But imagine a desktop rollout
situation where say 100 users who only use Win, MS Office and browser
based applications are migrated to Linux, OO.o and Mozilla.
Assume they have no real technical skills.  They never saw a
command line in their life.  If they are to get regular security
patches, it needs to be one of

1) scheduled 'pull' from their machine
2) administrator-controlled 'push' to their machine, via
   automatic solution such as RHN
3) administrator-controlled push, with admin guy logging into
   each machine manually as root and installing
4) user controlled regular 'pull to their machine'.

(am I missing any tricks?)

#4 can be seen to not work, as the Windows world shows us what
happens when you put end-users in charge of their own security updates.


I feel the danger for #3 is that it may not get done properly,
or it gets delayed, or some machines are missed.  Admin departments
often are less in control of the machines deployed than they'd
like to admit - they are especially likely to move IP address,
so essentially they cannot be 'found'.  If techniques #1 or #2
are deployed at *PC installation* time as root and the end-user
does not get root access, they are likely to remain, wherever
the PC gets moved to etc.



Imran


 Ken Wong wrote:
As a RH user, I have issues with the following part:


	  remote push technology.  Without paying, you
	  are effectively cut off from security updates unless
	  you complete frequent questionnaires (and you could
	  not expect all end-users to do that).

1) Questionnaires are once every 3 months and not that long.
2) Without questionnaires, security updates are still downloadable from RH site via web. Just not through the simplified method of up2date.
3) Nothing prevents you from having 1 demo account and storing all the updates downloaded by that account, then distributing to other users via some sort of script.
Granted, I don't recommend 3) unless you're incredibly cheap/poor. I don't mind paying for a service that obviously gives you added value.
If you don't pay, it's just a little more work to update your systems manually or via scripts, like any competent admin.
Ken


------------------------------------------------------------
To unsubscribe: send mail to ossig-request@mncc.com.my
with "unsubscribe ossig" in the body of the message



--
Imran William Smith
Project Manager, Open Source Development,
MIMOS Berhad, Malaysia

Asian Open Source Centre : http://www.asiaosc.org
MIMOS Open Source        : http://opensource.mimos.my


