Mailinglist Archive: opensuse (2441 mails)
| < Previous | Next > |
Re: [SLE] if it ain't broke, don't fix it (was: root partition not umounting?)
- From: Per Jessen <per@xxxxxxxxxxxx>
- Date: Mon, 20 Jun 2005 22:05:56 +0200
- Message-id: <d977j4$t21$1@xxxxxxxxxxxxxxxx>
Randall R Schulz wrote:
> They list all the changes applied in every patch released via YOU. If
> you don't trust the YOU updates, then why do you trust any package
> built by SuSE / Novell?
For the same reason that I in my +15 years in the IBM world also trusted the IBM
shipped software, but not the patches. Release-quality software is usually put through rigorous
testing - patches are often too, but far from as a matter of course.
> I'd say your paranoia is best directed elsewhere.
Randall, I (obviously) disagree about this being paranoia. As a sysadmin you should be fully
aware of what is running on your systems. Applying patches and fixes more or less in the blind
is not the way to go about that. Whether or not you trust the supplier.
> many of us run systems that are not what
> is usually considered "production."
I totally appreciate that, but I don't think it can be taken as the rule. (Why stick to only
SuSEs patches if you're not in some form of controlled environment?)
> My policy, which has not caused me any problems, is to apply all YOU
> patches. For the most part, I'm greedy about new software, new
> capabilities and enjoying the nice steady stream of improvements that
> issue forth from the Open Source community. Take KDE, for example: Over
> the past year it has progressed immensely, and I for one would not want
> to forgo all those improvements.
On my personal workstation I apply exactly what you've just described, but for most other
systems, customers depend on them being up and running, so the risk involved in applying an
_unnecessary_ (kernel or not) patch is not warranted.
There's room for everyone of course, but I have a number of production systems to run 7x24.
Downtime is scheduled about one month in advance, preferably around Christmas :-) My general
system uptimes are +300 days with a couple of exceptions in both ends.
Anyway, I was merely trying to suggest a careful change policy, I didn't intend to dictate to
anyone how to run their system(s).
/Per Jessen, Zürich
--
http://www.spamchek.com/freetrial - managed anti-spam and anti-virus solution.
Sign up for your free 30-day trial now!
> They list all the changes applied in every patch released via YOU. If
> you don't trust the YOU updates, then why do you trust any package
> built by SuSE / Novell?
For the same reason that I in my +15 years in the IBM world also trusted the IBM
shipped software, but not the patches. Release-quality software is usually put through rigorous
testing - patches are often too, but far from as a matter of course.
> I'd say your paranoia is best directed elsewhere.
Randall, I (obviously) disagree about this being paranoia. As a sysadmin you should be fully
aware of what is running on your systems. Applying patches and fixes more or less in the blind
is not the way to go about that. Whether or not you trust the supplier.
> many of us run systems that are not what
> is usually considered "production."
I totally appreciate that, but I don't think it can be taken as the rule. (Why stick to only
SuSEs patches if you're not in some form of controlled environment?)
> My policy, which has not caused me any problems, is to apply all YOU
> patches. For the most part, I'm greedy about new software, new
> capabilities and enjoying the nice steady stream of improvements that
> issue forth from the Open Source community. Take KDE, for example: Over
> the past year it has progressed immensely, and I for one would not want
> to forgo all those improvements.
On my personal workstation I apply exactly what you've just described, but for most other
systems, customers depend on them being up and running, so the risk involved in applying an
_unnecessary_ (kernel or not) patch is not warranted.
There's room for everyone of course, but I have a number of production systems to run 7x24.
Downtime is scheduled about one month in advance, preferably around Christmas :-) My general
system uptimes are +300 days with a couple of exceptions in both ends.
Anyway, I was merely trying to suggest a careful change policy, I didn't intend to dictate to
anyone how to run their system(s).
/Per Jessen, Zürich
--
http://www.spamchek.com/freetrial - managed anti-spam and anti-virus solution.
Sign up for your free 30-day trial now!
| < Previous | Next > |