[Info-vax] The (now lost) future of Alpha.

Kerry Main kemain.nospam at gmail.com
Mon Aug 6 10:09:09 EDT 2018 

> -----Original Message-----
> From: Info-vax <info-vax-bounces at rbnsn.com> On Behalf Of Arne Vajhøj
> via Info-vax
> Sent: July 15, 2018 8:29 PM
> To: info-vax at rbnsn.com
> Cc: Arne Vajhøj <arne at vajhoej.dk>
> Subject: Re: [Info-vax] The (now lost) future of Alpha.
> 
> On 7/15/2018 5:20 PM, Kerry Main wrote:
> >> From: Info-vax <info-vax-bounces at rbnsn.com> On Behalf Of Stephen
> >> Hoffman via Info-vax
> >> Sent: July 14, 2018 1:12 PM
> >> On 2018-07-14 14:37:48 +0000, Kerry Main said:
> >>> While its always interesting to watch the security related bun
> >>> fights between SW vendors/promoters and HW vendors/promoters,
> >>
> >> Not really.  Many of us did tire of watching you posting absurd
> >> comparisons of CVE counts across disparate platforms.
> >
> > Actually, my past posts were comparing commodity OS CVE counts to
> > enterprise platforms like Solaris, AIX, NonStop, OpenVMS, z/OS etc.
> > While these enterprise platforms all have security issues (no platform
> > is 100% secure), they certainly do not have the volume of 20-30+
> > monthly server security issues published each and every month for
> commodity OS's.
> 
> > While I certainly expect more OpenVMS x64 security issues published in
> > the future than what is published today, I certainly do not expect
> > todays volume of 20-30+ security patches currently released each and
> > every month for commodity OS's. OpenVMS customers will not accept this.
> 
> Can you post an example of 20-30 security patches for a Linux distro *only
> counting vulnerabilities for the components where VMS ship with similar
> components*?
> 
> Arne
> 

Catching up ..

Former Red Hat Security patch web site (security issues only - not regular
bug patches)
<https://www.redhat.com/archives/enterprise-watch-list/>

Click on "thread" for any month, any year. Review each month. Look for
kernel, rpc and other internal issues.

Red Hat discontinued this web site. They have new web site now:
<https://access.redhat.com/security/security-updates/>

Yes, some components do not ship on OpenVMS, but these lists are what those
in Operations with commodity OS platforms need to deal with each and every
month.  And yes, also try to keep up with the many different versions of SW
that gets propagated by all those in the various internal groups that the
OPS groups support. Along with their patching tools, they need to review
these security issues to determine which ones apply to their environment and
which ones do not.

And btw, it’s normally the OPS groups that deal with these security issues -
not the Developers. 

If one of these many monthly security patch's is missed and some bad thing
happens, it is usually the OPS groups that catch the heat. 

ITSM RFC's (change processes always such a joy in every OPS shop),
scheduling server retesting (important+ apps), reboots (kernel patches),
additional roll-outs (dev-test-qa-prod).

All great fun for OPS groups faced with increased workloads and decreasing
staff levels.


Regards,

Kerry Main
Kerry dot main at starkgaming dot com

More information about the Info-vax mailing list