[PLUG] Joe Jobbed
alan
alan at clueserver.org
Wed Oct 10 16:27:51 UTC 2007
On Wed, 10 Oct 2007, Aaron Burt wrote:
>>> I've certainly come to
>>> appreciate distribution packages and updates, and careful
>>> version-control of packages and config files.
>>
>> It's not the binaries, it's the controlled *process* that matters.
>
> Correct. Security is a process. Reliability is a process. Keeping
> your clients happy is a process. Systems administration is the process
> of balancing all of that against human and technical limitations.
I have found that the various distros patch different things. (I did an
audit of such things for DARPA a few years back.)

Red Hat may not use the new version of a package, but they are pretty good
about backporting patches. (A thankless and painful task, having done
it.)

Debian is pretty good. They tend to cover a few patches that others miss,
but not some that Red Hat uses.

In fact, the security response time is pretty good. Depends on the
vulnerability and how much the exploit is seen in the wild. It also
depends on when they figure that the admins will be in the office and able
to apply the patched version(s).
--
Never trust a queue structure designed by a cryptographer.