[Info-vax] Variable declarations, was: Re: improving EDT
Arne Vajhøj
arne at vajhoej.dk
Wed Nov 30 22:43:10 EST 2016
On 11/29/2016 10:38 PM, Kerry Main wrote:
>> Of Arne Vajhøj via Info-vax
>> I think you are missing the point.
>>
>> I don't think anyone is disagreeing that OS X with
>> 10000 supported apps and 20 monthly security fixes is worse than
>> OS Y with 10000 supported apps and 1 monthly security fix.
>>
>> But is that what we are comparing?
>>
>> Or are we comparing OS X with 10000 supported apps and
>> 20 monthly security fixes with OS Y with 100 supported apps of
>> which only 10 get security fixes and 1 monthly security fix.
>>
>> If you look at the actual list of security updates for commodity OS
>> then you will see that most of them do not relate to the OS
>> core but to all sorts of applications including web browsers, email
>> clients etc.
>
> Not quite - the majority of security issues on commodity OS's are
> not just the kernel/OS patches, but LP's/Add-on's etc that also
> apply very much to servers. Even browsers are installed on
> servers because for various reasons, like the SysAdmin being in
> the computer room, some mgmt. tools are run from the server.
Many servers do not have a browser installed. For security reasons.

And the network access out would be blocked anyway by a site with
a reasonable firewall policy.

But let us assume that the browser is needed.

What is the risk that updating the browser will break the application
running on the server?

Practically zero.

And how would you rank these systems for security (in relation to
web browser):
* a RHEL system with latest Firefox because they patch
* a RHEL system with last month's Firefox because they skipped this
  month's patch
* a RHEL system with the Firefox that was installed when the system
  was installed
* a VMS system with latest released browser for VMS
?

> Question - is 20-30+ security patches per month now considered
> acceptable when the mandate is to build a rock solid solution?

I think so.

No one should try to build a rock solid solution based
on a platform that does not get patched.

Arne