[Info-vax] Another "automatic update"

[Stephen Hoffman]

On 2019-03-27 04:08:37 +0000, Dave Froble said:

> So, now, where were all those arguments for just rolling in updates 
> without some serious testing?  So we have this brave new world of 
> constant automatic updates.  Be afraid.  Be very afraid.
> 
> To be fair, since it's intermittent, testing just might not have caught it.

HPE née HP folks had informally commented on no known regressions with 
their recent-years UPDATE patches; the last five or ten years.

How things have worked for the VSI patches isn't yet clear, though I've 
not heard reports of a patch-related regression with the VSI patches. 
Not that I've looked. Not that VSI even advertises that they have 
patches.

Downside of not patching are the exploits, and the exposure of the 
server to exploitation varies by configuration. Something as far back 
as David's Windows Server 2012 box is largely receiving security 
patches.

OpenVMS doesn't have the ability to roll back patches akin to what's 
available in Windows and Windows Server—PCSI roll-back support is 
comparatively weak—which makes backing out failed patches more 
difficult.

Mistakes and vulnerabilities can and do happen with our own apps, with 
operating system patches, and with firmware and hardware.

Yes, we're on an accelerating treadmill of patches and upgrades, and—no 
matter what any of us might prefer—we're all going to have to figure 
out how to deal with that in our production environments.

That's going to increasingly involve packaging and automating apps and 
operating systems and deployments, too.

That packaging and that automation is already happening in many 
environments.  It's not so common in OpenVMS.


-- 
Pure Personal Opinion | HoffmanLabs LLC