Spiro Harvey wrote:
So for 405 days you've done no kernel patches? Awesome. I bet that
server's a bunch of remote exploits waiting to happen (if they haven't
already).
Using massive uptimes to prove how cool your server is actually just
shows that you're not doing the right maintenance.
Or it could just be that applying a layered approach to security
means that those vulnerabilities that are there, aren't exploitable.
But then just running a fully up to date system is no guarantee - on
a different server we did get caught by a problem, one not fixed by
any kernel version available at the time from the Debian. Solution -
turn off the features that exposed the vulnerability.
That's the only problem I've had, in several years of running
multiple public facing servers.
Risk is not black and white. Trying to eliminate risk is about as
fruitful as p***ing into the wind. Managing risk is a different
matter. There are risks in not updating, there are risks in updating
- how you weight those risks is a matter of preference, judgement,
and practicality.
You're entitled to your opinion - it just differs from mine.
> 2) If it aint broke - don't fix it. There's no way I'd attempt a
major upgrade in-place when it's a live server used 24*7. For various
internal reasons (which I'm sure you can guess) I don't have the
resources to do anything but an in-place upgrade if I want to upgrade.
Well if they don't want patches on it, and they're not prepared to give
you money to have a backup server to do upgrades on, then it can't be
as critical as they're telling you.
Or it could be a reflection of management priorities - the job pays
the bills, it doesn't mean I like all of it.
> 3) I can accept that software will go out of support - but I never
expected a Miscrosoft-esque remote shutdown.
You should have expected it 6 months ago when the announcement was made.
Well I could have if I'd seen that - but that ground's been covered
to death already.
--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
