On 2023-09-26 03:48, Lew Wolfgang wrote:
> On 9/25/23 18:17, Patrick Shanahan wrote:
>>> There are thousands of changes per week on TW.
>> read: not if you do not "dup". and it hurts nothing by not duping. you
>> are able to dup when*you* choose to. and to reboot when you see fit.
>> you are not driven by the availability of newer packages. it is a choice.
>> there can be millions of changes but they do not affect you unless you
>> make that choice. there is a newer model of the car I drive but I have
>> not purchased it and may never, but it exists.
>
> But some organizations require frequent updates for security reasons.
> Indeed,
> weekly updates may be required and confirmed with Nessus scans. Leap has
> been remarkably good at this.
>
> I tried Tumbleweed some years ago in this environment, but it didn't
> work. To
> be fair I guess it deserves another try.
Ask Roger Oberholtzer why not.
Where I use Tumbleweed (office, development, servers), the IT guys are not happy. They want me to be using Windows that they control 100%. I have conceded that I can run MS Defender and something called Insight on Tumbleweed so they get the warm and fuzzies. But all it does is report things to Big Brother. They should not be able to modify things. I'm always asked to defend from a business pov why I have various things installed. Most recently they want to know about cockpit. I'm a software developer. I will always have new things installed for evaluation. They don't understand why.
One of their issues is that they have no way of knowing if my system is up-to-date with respect to security fixes. As I run zypper dup on a regular basis, I suspect that my Tumbleweed is more up-to-date than their Windows systems. So in the Tumbleweed context we are okay. But they remain skeptical.
A bigger issue is when we put a measurement system on the company intranet during service. You cannot believe the hoops that had to be jumped trhough for that to happen (and the layers between these systems and the rest of the network). They are always sniffing around (ports and such) and complaining that we are not running the latest of everything. They do not understand the need for stability.
So it is a mix. Where we keep the systems very much up to date, they are suspicious that we have all security fixes. Where we let the systems lag a bit, they are upset that we don't update them each hour.
There is no one solution for everyone. Everyone has a different outlook on what is the important critical factor.