
Re: what's your Debian uptime?



On 4/18/2013 11:56 AM, Bob Proulx wrote:

> I don't think uptime challenges are useful.  It makes people want to
> do something that they shouldn't want to do.  

Uptime is about continuous availability and reliability of
infrastructure, systems, and software, with least disruption to users,
and minimizing administrator workload.  Hans and I have been speaking
from that perspective.  This isn't a manhood measurement contest.

> When kernel security
> upgrades come along just install them and reboot.  

First, why would one install such patched code if it's not part of the
installed kernel?

Second, your methodology doesn't scale.  For large-scale operations
installing new kernel patches every few weeks simply isn't financially
feasible/responsible.  Even a junior admin's salary is better spent on
things other than managing mass kernel upgrades.  If one builds
minimalist kernels one dramatically decreases frequency of mandatory
kernel security patches.  The security-related flaws are typically in
subsystems that are not part of a minimalist kernel.

As a parting note I know of Postfix relays that have run continuously
for over 6 years with no updates of any kind.  A kernel with no TCP/UDP
security-related code flaws (pretty rare for Linux), Postfix in chroot,
TCP 25 open inbound from public network, and TCP 22 open only on the
management network.  If the hardware and power hold up such a system can
run indefinitely without a security exploit and without kernel patches.

-- 
Stan
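
The question raised in the message above, whether the patched code is part of the installed kernel at all, can be checked against the kernel's build configuration. The following is an added example, not part of the original message; the advisory names, the sample config and the advisory-to-symbol mapping are constructed placeholders.

```python
import re

# Constructed sample of a minimalist kernel .config (not from the original post).
SAMPLE_CONFIG = """\
CONFIG_INET=y
CONFIG_EXT4_FS=y
CONFIG_USB_STORAGE=m
# CONFIG_BT is not set
CONFIG_LOCALVERSION="-relay"
"""

# Constructed placeholder advisories mapped to the config symbol(s) guarding
# the code each fix touches (an assumption, derived by hand from the patch).
SAMPLE_ADVISORIES = {
    "EXAMPLE-ADV-1": ["CONFIG_INET"],
    "EXAMPLE-ADV-2": ["CONFIG_USB_STORAGE"],
    "EXAMPLE-ADV-3": ["CONFIG_BT"],
    "EXAMPLE-ADV-4": ["CONFIG_IP_SCTP"],  # symbol absent from the config file
}

def parse_config(text):
    """Return {symbol: 'y' | 'm' | 'n'} for tristate/bool symbols only."""
    state = {}
    for line in text.splitlines():
        line = line.strip()
        on = re.fullmatch(r"(CONFIG_\w+)=([ym])", line)
        off = re.fullmatch(r"# (CONFIG_\w+) is not set", line)
        if on:
            state[on.group(1)] = on.group(2)
        elif off:
            state[off.group(1)] = "n"
    return state

def triage(config_text, advisories):
    """Classify each advisory as 'built-in', 'module' or 'absent'."""
    state = parse_config(config_text)
    result = {}
    for name, symbols in advisories.items():
        # A symbol missing from .config is not enabled in this build.
        values = {state.get(sym, "n") for sym in symbols}
        if "y" in values:
            result[name] = "built-in"   # affected code is in the running image
        elif "m" in values:
            result[name] = "module"     # may be loaded on demand; still in scope
        else:
            result[name] = "absent"     # affected code was not compiled at all
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_CONFIG, SAMPLE_ADVISORIES))
```

On Debian the running kernel's configuration is normally available as `/boot/config-$(uname -r)`. A "module" verdict still counts as exposure unless module loading is restricted, since the kernel can load the module on demand.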

