Tim Larkins (EUKSHEL1PO) wrote:
> All I wan't to do is too keep my distiribution upto date with all the latest
> patches
"All" you want to do, huh? ;-)
> to make sure that it runs as smoothly as possible.. but its simply
> not possible!
<smart_aleck_banter>
Nope. And that's a GOOD(tm) thing.
</smart_aleck_banter>
> A new patch arrives every 2 days! I'm on a dial up
> connection with no free local calls.. I can't afford to d/l the latest
> 10meg patch every week... All I want is ONE page somewhere telling me
> exactly which patches I should apply, what the patch does and possible side
> effects (I've heard the later versions of PPP can cause problems when you
> upgrade to them).
Yeah, I think it's easy to get the idea that the system as-is contains lots of
land-mines which are waiting to crash your computer unless The Vital Patch
arrives in a timely manner, but after hanging around here since last fall or
so, I just don't see that being the case.
I probably deserve a royal flaming for this, but I endorse blowing off the
whole senseless pursuit. As you've observed, if one applies every patch there
is, one does little else. One also can't know that a particular patch is even
beneficial in any way without extra research. It might not fix much, or it
might add new bugs, or it might change some default configuration away from a
setting that has always been right for you.
I also don't think it's the case that the stock RedHat distributions have been
all that dangerous to use, in general. I started at 4.2 and now run 5.0, and
the vast majority of the things I've wanted to do have been stable from the
get-go. In those cases where there have been problems, I've either found out
myself [i.e. something didn't work, so I went looking for the patch because
I knew there was a need], or someone has been kind enough to alert me and the
rest of the civilized world that some application I was using could bring about
the end of humanity. For example, when the Teardrop attack got all that
publicity, the patch was advertised on this list and elsewhere, making it easy
to notice that I might be at risk for something significant.
>
>
> all I wana do is jump
> online for a couple of hours and talk on line without having to worry about
> some little s**t performing some malicous attack on me!
>
You should be able to. Again, don't take my word for it, but I don't think
it's really necessary to be THAT up to date for what you want to do. Remember,
security is always relative, but the (relative) difficulty of attacking a user
like you isn't worth getting around RedHat's (relative) security for a
(relatively) small payoff.
> Anyone got any advice? links to pages with the kinda detail i'm after,
> methods u employ to keep upto date...
Mostly, I wait until I know I've got a problem, or the serious potential for
one. It seems like the patches which cover seriously dangerous holes are
pretty well publicized when they come out, so keep your ear to the ground and
your eye on the lists, but I know that there are lots of users who are running
pretty old installations, and they seem to be staggering along okay. It would
be different if you were responsible for a large site with lots of users,
public access from the Internet, or lots and lots of machines, but for an
individual or even a smallish organization, there are probably better ways to
spend your effort than keeping up with the bleeding edge.
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject.
