On Wed, Apr 20, 2005 at 04:23:02PM -0700, Jeff Carr wrote: > Adrian Bunk wrote: > > >Let me ask some questions: > >- How many thousand people can't continue working if the server isn't > > available? > >- How many million dollar does the customer lose every day the server is > > not available? > >- How many days without this server does it take until the company is > > bankrupt? > > These are interesting questions, but not really applicable. I've never > seen a corporate enviornment where an upstream or outside distribution > is deployed without being tested internally first. I don't think it's > something that should be taken into account in the release process. > Companies have internal methods for deployment that double check and > verify a distribution before it is used. >...
Yes, such companies do test all changes. But being sure that it's _very_ unlikely that a security update breaks something makes life much easier. And then there's the class of problems you could recently observe with PHP 4.3.10: PHP 4.3.10 fixed more than half a dozen known security problems, but it also contained a performance regression letting some scripts run slower by a factor of more than 50 (sic). If your distribution gives you PHP 4.3.10 to fix the security problems and you use PHP4 on a busy server you have a big problem in such a situation. > Jeff cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]