
Re: [ossig] Linux security patches - costs and features?



On Tue, 2003-09-30 at 12:50, Christopher DeMarco wrote:
> > So in terms of cost, from what I can see, Debian wins.  In terms
> > of remote push of security updates, from what I know, Red Hat wins,
> > but I'm not sure how the others work.
> 
> Debian issues security updates pretty quickly.  Automation would be
> the same as with apt-for-rpm, so I'll touch on that in just a sec.

yes. go debian's: apt-get upgrade

fixed the ssh bugs instantly (as soon as the patches were out, in a few
hours..). of course, security.debian.org needs to be in the sources.list
file.

> An option for Red Hat (and indeed all RPM-based distros) is apt for
> rpm - the downside is that you'll have to get your apt repository from
> a third party.  This isn't a problem for Red Hat Linux, since
> freshrpms.net has a very nice apt repository.  The freshrpms mirror
> list is medium-sized, but I question the longevity and
> sustainable-enthusiasm of the project - it's great now but who knows
> in a year?  That said, they're very quick coming out with security
> updates; they got me my OpenSSH fix the same day CERT released the
> advisory.

freshrpms.net and fedora.us are running similar services, and have
agreed upon some form of "alliance".

fedora.us incidentally is an APT repository for the newer Fedora
releases.

keeping in mind that we won't see a Red Hat Linux 10, but a Fedora Linux
instead, these apt sites can only get better! RH themselves may throw
away the use of their regular "rpm" tool, and use apt for rpm or even
yum.

> And in the interests of exhaustive completeness (he's *still*
> talking!?!?) diskless clients provide the ultimate in
> maintainability; push a patch to the server and BLAMMO!

or do as i said in the other post. run a patch server, and push updates
regularly via autorpm. well, autorpm pulls the updates (to be more
accurate).
-- 
Colin Charles, byte@aeon.com.my
http://www.bytebot.net/

