[Desktop_architects] Shouldn't distros and ISVs ensure that security updates get deployed promptly?
Andreas Jaeger
aj at suse.de
Wed Feb 4 00:56:48 PST 2009
On Wednesday 04 February 2009 08:41:50 Dan Kegel wrote:
> Security updates in current linux distros are
> optional, right? i.e. in Ubuntu 8.10, it
> *offers* updates to you every time you
> log in. And (though I should know better),
> I often ignore that message, so my systems
> are days out of date.
>
> Given how much malware is out there,
> shouldn't security fixes for remotely exploitable
> flaws be installed a bit more forcefully?
> e.g. instead of an ignorable notification,
> how about an in-your-face dialog saying
> they're going to be installed now?
> Or in some cases even just silently installing them?
>
> This goes not just for distros; any ISVs is on
> the hook for rapid security updates these days,
> I would think.
>
> This isn't an idle question... the ISV I work
> for is pondering how to package its app
> and how to push out security updates to all customers
> promptly.
> I can't recall any standard mechanisms to make this
> happen other than, um, having the package install
> a daily crontab script to update itself via the appropriate
> "apt-get install foo" or "yum install foo" command.
>
> (That sounds awful forceful, but I think lots of shops
> do this kind of update of the whole system, so perhaps
> an ISV doing it for just their one app wouldn't be too
> controversial. Ha.)
There are cases where it will not work - e.g. updating the kernel. You need
to reboot for that ;)
openSUSE offers to setup a cronjob to install updates automatically but not
as prominently as the normal pop-up. So, yes that's indeed the only option
I'm aware off.
If you do updates automatically you should ensure IMO that the packages are
ABI compatible, so e.g. all (Firefox) plugins continue to work, and contain no
completely redesigned UI,
Andreas
--
Andreas Jaeger, Director Platform / openSUSE, aj at suse.de
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
Maxfeldstr. 5, 90409 Nürnberg, Germany
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.linux-foundation.org/pipermail/desktop_architects/attachments/20090204/616574a3/attachment.pgp
More information about the Desktop_architects
mailing list