Jason Hirsch <[EMAIL PROTECTED]> wrote:

>Not to push an issue-
>
>A while back someone (with an email @redhat.com) asked in (what I thought
>was) seriousness about a 'service pack' style fix. I read this post and
>think "Wow. To think that for NT all I have to do is run 1 program and
>all the bugs are fixed". Yes, I know more is usually broken. Yes, I know
>that not all of them are fixes.

I'd say you've already answered some of your own questions. Why apply a
huge service pack to fix one piece of software and run the risk of
breaking others or suddenly running services that you don't want or even
know about? I'd rather update one distinct package and know exactly what
I'm updating and be able to easily revert to the old version if something
doesn't work as expected. I also have a quick & dirty script that I use to
log the date & time a package was updated and what the old version
was. Fortunately I've only had to revert to an older package a few times,
but it was nice to know what the old version was.

There are also times when a new package means a new config file where the
syntax is different and using the old one won't work. I've been there with
bind and squid and I'd rather know ahead of time that I'm going to have to
at least look at the differences between the old/new config files.

>Yes, I know you are going to tell me
>Linux is better than NT.

No, I'll let you decide that for yourself. ;-)

>But if my choice is downloading a service pack that will fix 'major'
>security holes and reading down a checklist of a few hundred, I'm gonna go
>for the service pack.

"A few hundred" is a bit on the high side. RedHat 5.2 has around 40 errata
items, some of which encompass several rpm packages. I don't consider this
too difficult to handle, especially after you're "up to date" once. Then
it becomes a matter of a few packages a month on average.

>My firewall is kept up to date, but the machines on the inside? Not worth
>the effort to update stuff that I may or may not use.

Since my users are staff & the general public, I have to keep all my
machines up to date. I also remove packages & services that I'm not using
as an added security measure.

>So, in askance, why not have a monthly 'service pack' of files that should
>be applied to a base install, since updated ISO images aren't in
>existence?

I'm not against this idea as long as the individual packages are still
available, but you can also do the same thing by downloading all the
packages to the same directory and using rpm with the '-F' switch, which
will update only those packages that are already installed. There are also
tools like autorpm which will even get the packages for you.

-Eric
Eric Sisler
Library Computer Technician
Westminster Public Library
Westminster, CO, USA
[EMAIL PROTECTED]
Linux - don't fear the Penguin.
Want to know what we use Linux for?
Visit http://gromit.westminster.lib.co.us/linux
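
The two practices described in the message above (freshening from one directory with rpm's '-F' switch, and logging the date plus the old version of each updated package), combined in an added example. This is not part of the original post and not Eric's script; the names RPM, UPDATE_LOG, snapshot_installed and freshen_and_log and the log path are assumptions made for the sketch.

```shell
#!/bin/bash
# Added example (not Eric's script). RPM and UPDATE_LOG are assumed names;
# the log path is a placeholder. Assumes one installed instance per package.
RPM="${RPM:-rpm}"
UPDATE_LOG="${UPDATE_LOG:-/var/log/rpm-updates.log}"

# Print "name version-release" for every package file in $1 whose package
# is already installed (the only ones 'rpm -F' will touch).
snapshot_installed() {
    for f in "$1"/*.rpm; do
        [ -e "$f" ] || continue
        name=$($RPM -qp --queryformat '%{NAME}' "$f") || continue
        # 'rpm -q' fails for a package that is not installed: skip it
        ver=$($RPM -q --queryformat '%{VERSION}-%{RELEASE}' "$name" 2>/dev/null) || continue
        printf '%s %s\n' "$name" "$ver"
    done
}

# Freshen from directory $1, then log date, package, old and new version
# for each package whose installed version actually changed.
freshen_and_log() {
    dir="$1"
    before=$(snapshot_installed "$dir")
    [ -n "$before" ] || return 0
    $RPM -Fvh "$dir"/*.rpm || return 1
    stamp=$(date '+%Y-%m-%d %H:%M:%S')
    printf '%s\n' "$before" | while read -r name old; do
        new=$($RPM -q --queryformat '%{VERSION}-%{RELEASE}' "$name") || continue
        if [ "$new" != "$old" ]; then
            printf '%s %s %s -> %s\n' "$stamp" "$name" "$old" "$new" >> "$UPDATE_LOG"
        fi
    done
}

# Usage: ./freshen.sh /path/to/downloaded/errata
if [ "$#" -gt 0 ]; then
    freshen_and_log "$1"
fi
```

Because the old version is captured before rpm runs and compared afterwards, packages that '-F' left alone never reach the log, and each logged line names the version to go back to if a revert is needed.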