* Martin Peikert wrote on Wed, May 09, 2001 at 10:57 +0000:
For the people that use linux at home, I agree completely. But for a system administrator in, for example, an university, where many people have an account on the system, I do not and do not even want to.
oki, in university it's may not be a problem to waste a lot of time and money for building kernel modules. In industry this is handled differently usually. If a hour costs i.e. $100, and a kernel security update tooks 2 hours per machine, you will have enourmous costs... so it becomes neccesary to be efficient, and recompiling kernels all the time cannot be efficient. Second, RPM building may require very special knowledge. SuSE is able to pay one or two "kernel gurus" - ordinary small companies are not. But I see no reason to continue this thread, since it becomes more and more offtopic. It's everybodies own decision to use SuSEs upgrades or not.
My belief is that those still need to be able to fix major security flaws by patching and compiling the faulty software if there is a root exploit out in the wild.
Have you ever estimated the costs? Assume 2 hours for download, patch and compile, add 1 hour for testing on each system hardware configuration (controllers combinations and others), add time needed to document the changes and you'll get a lot of time, really.
So what the hell is it we are going to? Incompetence as normality?
I think you missed the point. Nobody is able to be very competent in kernel and *.RPM security, even with reading mailinglists all the time. Evaluating patches and doing security audits is anythink but trivial. Don't forget that.
I still think that anyone that wants to administrate (not the home users, because users do not neccessarily need to have that knowlwdge that administrators of a more complex system - that many people are using - should have) a system has to have some competence about what she is doing.
It's hardly possible to know at least the kernel well, since it sources are some MB of data. Did you understand every part of it? Did you ever looked into the sources of cron or whatever? I cannot believe it. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.