Date: Wed, 3 May 2006 12:52:24 +0300
From: Michael Shigorin <mike@osdn.org.ua.>
To: David Litchfield <davidl@ngssoftware.com.>
Subject: foreseeing (cough) critical problems futile? (was: Oracle, where are the patches???)
Message-ID: <20060503095224.GH13926@osdn.org.ua.>
Reply-To: [email protected]
Mail-Followup-To: David Litchfield <davidl@ngssoftware.com.>,
[email protected]
References: <20060502144845.5C0B815F50A@mail.ngssoftware.com.>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20060502144845.5C0B815F50A@mail.ngssoftware.com.>
User-Agent: Mutt/1.4.2.1i
X-Virus-Scanned: antivirus-gw at tyumen.ru
On Tue, May 02, 2006 at 04:10:27PM +0100, David Litchfield wrote:
> That's what good regular patches allow me to do. The benefits
> are absolutely clear. There are two major problems that can
> cause these benefits to evaporate into thin air, however.
> 1) Late Patches
> 2) Re-issued Patches
3) Artificially late patches -- those which could be made
available ahead of usual schedule to reduce vulnerability window.
I guess regular approach is OK for low-to-moderate but guarantees
enough additional headache for critical updates. After all, it's
only vendor-found ones that can wait, and that's not exactly
"responsible" too since nobody can tell for sure the particular
problem isn't already known out there.
--
---- WBR, Michael Shigorin <mike@altlinux.ru.>
------ Linux.Kiev http://www.linux.kiev.ua/
