https://bugzilla.novell.com/show_bug.cgi?id=690922
https://bugzilla.novell.com/show_bug.cgi?id=690922#c7
--- Comment #7 from Don Hughes 2011-06-24 23:58:31 UTC ---
Let me expand on the previous.
I use iptables and a number of the addons to build internet facing firewalls
for a number of my systems. I find that the volume and sophistication of the
attacks directed at my networks just continues to increase, and, for this
reason, I am aggressive in applying patches to these systems. However, the
interaction between the kernel, iproute, iptables, and the addons seems to be
fairly fragile. Whereas security updates to my other servers seldom cause any
breakage (the VMware server being a glaring exception), updates to my firewalls
almost always break something to the point where I tend to delay applying
patches until I can set aside 1/2 a day for debugging. Thus, the server that I
would like to update the most is actually the one that is updated the least.
When something like the HISTORYTIMEFORMAT breaks, it is annoying, but I can
delay debugging it until I have the time. When the iptables scripts stop
working they have to be debugged and fixed on the spot. I would like to
suggest that perhaps the provides/requires in the RPMs could be expanded/tuned
so I do not end up with protocol mismatch surprises. Also, changes to these
applications should be approached very conservatively - something like removing
a feature like iptreemap needs more than a comment in a readme - perhaps
warning messages in the logs that the feature will be removed in a future
release, as is done with a number of other packages.
Let me say that I do appreciate having the addons bundled together as this is
much less time consuming than patch-o-matic and separate compiles, but because
of the importance of the packages, any hiccups are attention grabbing.