Patching is bad!
Posted Jan 30, 2003 9:26 UTC (Thu) by libra
Parent article: A look at the MS-SQL worm
For my part I'm totally opposed to the idea of using patch. If I use a patch when installing a product that means that I have installed something that is bad a one time during the process. Certainly among the SQL-server that where infected some where installed less than 6 month ago, but from an incorrect cdrom which is anyway the reference cdrom for such an installation.
On this topic the big difference here between proprietary programs and open-source programs is that during the first install with open-source you can immediatly install the right version (at the time of installation). With patches on proprietary programs you must first install something buggy, and then try to correct it, and that gives far less predictible results in the end, and a lot more work too.
Of course one can argue that when there is a bug in some open-source program there is also a requirement for applying some correction, put it is not a patch, with a rpm or whatever other method you can update : that is completely replace what has become wrong by something completely good. And the next time if you want to install the product you won't have to install the bad one before the good one if you want.
Really patches are hawfull things, what we need is software without bugs, and with proprietary software it is difficult because vendors don't want to offer "prepatched" (that is corrected) version of their products by fear some people would download them without licenses. I let you appreciate the absurdity of this situation.
For those having an MSDN at hand just count the number of "product cdrom" against "patches cdrom" in the server section. You will discover that Microsoft offers a lot more patches than real (usefull?) products. Finally you may understand that the commercial offer of Microsoft is bigger on the front of bugs than on the front of business. I hope you will enjoy this revelation.
to post comments)