[CentOS-devel] yum-plugin-security and shellshock
Kevin Stange
kevin at steadfast.netThu Oct 2 14:37:09 UTC 2014
- Previous message: [CentOS-devel] yum-plugin-security and shellshock
- Next message: [CentOS-devel] yum-plugin-security and shellshock
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 10/02/2014 03:32 AM, Karanbir Singh wrote: > On 10/01/2014 08:41 PM, Kevin Stange wrote: >> I'll be honest: I don't care about this scenario at all. My spacewalk >> server would take care of this just by virtue of CentOS having the data >> ever available for these packages and constantly keeping itself current. > > but your usecase does not represent a sane interface from the project > side - hacking up something that is going to put users at risk is far > worse that communicating that users need to really just apply all updates. > > I really dont understand the corner case arguments you make here, Kevin > you are far smarter than this. Are you just trying to tick a box off and > dont care if that leaves a majority of the userbase exposed by > incorrectly commnunicated confidence ? > > The fact that you are actually looking to penalise people who dont run > updates nightly is very dangerious. I'm not trying to penalize users who don't run updates nightly. I'm considering people who don't update at all for entire distro release cycles already doing things so badly, it barely matters if they're misinformed. The point of this updateinfo.xml is to get information to people who are updating on an ongoing basis so they can see what kind of updates they're getting when they run their daily, weekly, or monthly yum update. When I update my Windows servers, I read the update notices to see what component is being updated and why. I don't usually skip updates, but it lets me determine if maybe there are any things I should double check after applying or if I should delay an update while I need to QA something. I do the same thing in CentOS, but in CentOS the only source of information for this is the mailing list. It could appear right in the Update Manager, or at least the update manager could end up having a link right to the RHXAs. I think there is an actual benefit for the people who update regularly that trumps people who choose to do really weird things and intentionally disregard the constant update process of the OS. -- Kevin Stange Chief Technology Officer Steadfast | http://steadfast.net Phone: 312-602-2689 ext. 203 | Fax: 312-602-2688
- Previous message: [CentOS-devel] yum-plugin-security and shellshock
- Next message: [CentOS-devel] yum-plugin-security and shellshock
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS-devel mailing list