[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: (Security) upgrades with shared /usr?

On Mon, Feb 20, 2006 at 11:29:12AM -0500, Brenda J. Butler wrote:
> On the pro side for such a configuration, if you are using stable
> and limiting the packages installed to exactly what you need and no
> more, then you won't have to do this very often.  Many of the updates
> will not affect you, being for packages you don't have.

This is true in a typical server environment. But I'm afraid it is
going to be more frequent when serving desktop systems..

> You could schedule a regular maintenance time for non-urgent
> upgrades, 1/2 hour each week or month.

There are still the urgent ones - I would really hate to take EVERYTHING
down peak hours because a mozilla or libpng bug needs to be fixed.

One might argue that the programs would still need to be restarted to
make it effective, but there is a huge difference between killing a
client's session and sending them an e-mail/xmotd that they need to re-login.

> And you keep the benefits of ro /usr partition.

I could still have RO most of the time, even with a cluster

Marcin Owsiany <porridge@debian.org>             http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216

Reply to: