[Info-vax] Patching, was: Re: VSI strategy for OpenVMS
Arne Vajhøj
arne at vajhoej.dk
Fri Sep 17 11:38:21 EDT 2021
On 9/16/2021 9:33 PM, Scott Dorsey wrote:
> Simon Clubley <clubley at remove_me.eisner.decus.org-Earth.UFP> wrote:
>> On 2021-09-15, <kemain.nospam at gmail.com> <kemain.nospam at gmail.com> wrote:
>>>
>>> Yep, one of the challenges Windows admins (and to a bit lesser extent,
>>> Linux) have is just the sheer volume of monthly patches (security and
>>> functionality).
>>>
>>> This is not OS religion - simply reality.
>
> The thing about Linux is that you can strip the system down because it is
> modular... and the more you strip out, the fewer patches you need. You can
> get to the point where you just need an occasional kernel patch if your
> application is self-contained.
>
>> How many patches per month would VMS see if it was probed with the same
>> level of intensity that other operating systems are probed with and if
>> it had the same wide range of software that those other operating systems
>> have ?
>
> Probably quite a few, but I suspect less than you'd expect because there is
> much less code inside the box. Code contains bugs... the key to making a
> system less buggy is to make it smaller and more straightforward.
That is an important point.
And maybe one VMS can use as a genuine security argument.
A standard VMS installation with everything is like 25 MLOC or so.
A large Linux distro including everything under the sun is
1000-1500 MLOC.
It would be insane to install all that in Linux, but it actually
make installation something that requires real choices
Microsoft knows it. Which is one of the reasons behind
Windows Server Core. Less code is more secure.
Arne
More information about the Info-vax
mailing list