[Info-vax] Variable declarations, was: Re: improving EDT

Arne Vajhøj arne at vajhoej.dk
Tue Nov 29 21:59:04 EST 2016


On 11/29/2016 9:41 PM, Kerry Main wrote:
>> Of Arne Vajhøj via Info-vax
>> On 11/23/2016 10:58 AM, Kerry Main wrote:
>>> Unfortunately, in the commodity OS world, due to the volume of monthly
>>> security patches, many Operations shops have adopted a "patch-n-pray"
>>> philosophy because there is no way the business will give the OPS
>>> folks the corresponding amount of time to re-test important
>>> applications.
>>
>> By commodity OS do you mean OS where software is available for
>> and security bugs get found and patched?
>
> Arne, with all due respect, as a developer, you look at the huge
> number of 20-30+ security issues found each and EVERY month on
> commodity OS's as a good thing.
>
> I look at the huge number of 20-30 security issues found every
> month on commodity OS's as a nightmare for Operations support who
> have to read release notes, determine which ones apply and which
> ones don’t (let's not forget release notes are vague for a
> reason), work with App groups to re-test important Apps in
> Dev/test/QA, do all of the massive paperwork for change mgmt.,
> sitting through weekly CAB meetings (on par with getting teeth
> pulled), configure the tools for rolling out, schedule downtime
> with the Business groups (kernel patches require reboot
> regardless of physical/VM), do the roll-outs (usually after
> midnight), fix any issues that crop up that were not caught (if
> any testing was even done).
>
> Say you have a small to medium env of 50-200 server OS's
> (physical/VM makes no difference) - now review the last
> paragraph.
>
> Say you have a large environment like Citibank who has thousands
> of commodity OS's worldwide - now review the last paragraph.

I think you are missing the point.

I don't think anyone is disagreeing that OS X with
10000 supported apps and 20 monthly security fixes
is worse than OS Y with 10000 supported apps and 1
monthly security fix.

But is that what we are comparing?

Or are we comparing OS X with 10000 supported apps and
20 monthly security fixes with OS Y with 100 supported
apps of which only 10 get security fixes and 1 monthly
security fix?

If you look at the actual list of security updates for
commodity OS then you will see that most of them do
not relate to the OS core but to all sorts of applications
including web browsers, email clients etc.

Arne







