lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Sat, 16 Feb 2008 23:27:25 -0500
From:	Valdis.Kletnieks@...edu
To:	Willy Tarreau <w@....eu>
Cc:	Bill Davidsen <davidsen@....com>, Adrian Bunk <bunk@...nel.org>,
	linux-kernel@...r.kernel.org
Subject: Re: Driver removals

On Sat, 16 Feb 2008 08:39:08 +0100, Willy Tarreau said:

> I don't understand why kernel developers always think that users spend
> their whole time testing their new stuff. That is mostly true for a lot
> of desktop users, but definitely not for servers. On a server, you may
> *ignore* that a new driver exists for years. The basic make oldconfig
> does the stuff right.

Been there, done that.  We got a number of boxes that sit there for ages
between reboots and even longer between upgrades.  Deploying Solaris 10 was
like a 2-year process for some of our boxes (when the boxes are running the
Oracle databases that house the enterprise business systems, and your
organizational budget is pushing the $1B/year mark, everybody gets *really*
cautious to avoid a CLM while upgrading... ;)  And we may actually manage to
finally kill off our last AIX 4.3.3 box this quarter (4.3.3 was released all
the way back in Sep 1999, and EOL'ed back in 2004 - don't ask. :)

Of course, the difference is that we *expect* that there's a good chance that
if we try to subject that sort of box to 3 year's worth of updates, there's a
good chance we'll discover that some driver has been EOL'ed or otherwise
problematic on now-ancient hardware...

(And yes, there's a *lot* of risk-management going on centered around "What if
we have to patch Server23 for a critical kernel security issue?".  Of course,
if it was actually *feasible* to blindly upgrade-and-reboot twice a month, the
job could be done by a much less expensive patch monkey, so it's good job
security ;)





Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ