On Wed, Apr 20, 2005 at 04:23:02PM -0700, Jeff Carr wrote:
> Adrian Bunk wrote:
>
> >Let me ask some questions:
> >- How many thousand people can't continue working if the server isn't
> > available?
> >- How many million dollar does the customer lose every day the server is
> > not available?
> >- How many days without this server does it take until the company is
> > bankrupt?
>
> These are interesting questions, but not really applicable. I've never
> seen a corporate enviornment where an upstream or outside distribution
> is deployed without being tested internally first. I don't think it's
> something that should be taken into account in the release process.
> Companies have internal methods for deployment that double check and
> verify a distribution before it is used.
>...
Yes, such companies do test all changes. But being sure that it's _very_
unlikely that a security update breaks something makes life much easier.
And then there's the class of problems you could recently observe with
PHP 4.3.10:
PHP 4.3.10 fixed more than half a dozen known security problems, but it
also contained a performance regression letting some scripts run slower
by a factor of more than 50 (sic).
If your distribution gives you PHP 4.3.10 to fix the security problems
and you use PHP4 on a busy server you have a big problem in such a
situation.
> Jeff
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
