Leon Fauster wrote:
> On 06.05.2015 at 13:04, lhecking at users.sourceforge.net wrote:
>>
>>> You have several hundred more Critical or Important security updates
>>> outstanding. If that box touches the Internet in any way, it is likely
>>> compromised. Just in the last 6 months there are 21 Important or
>>> Critical updates.
<snip>
>> While I'm all for keeping machines current, there are production
>> environments where upgrading is a huge pain or outright impossible.
>
> updating vs upgrading?
>
> and such "impossible" cases are rare compared to the majority of
> EL OS installations. Saying that because the implicitness should
> be systems in a current state and not contrariwise.
>
>> Where any upgrades need to undergo a rigorous QA process.
>
> the solution: automation

And the manager who made the decision to not upgrade needs to be made
aware of a) the dangers of *not* upgrading; b) the minimal risks of an
upgrade (security & bugfixes), and c) needs to stop coming up with
impossible schedules and put time into that least sexy thing of all,
maintenance of infrastructure.

And I, personally, would want an email from aforesaid manager telling me
not to do any upgrades, which I would print out in several copies and put
in a secure place....
<snip>

      mark "CYA"