|| ||Dan Kegel <dank-AT-kegel.com>|
|| ||Shouldn't distros and ISVs ensure that
security updates get deployed promptly?|
|| ||Tue, 3 Feb 2009 23:41:50 -0800|
|| ||Article, Thread
Security updates in current linux distros are
optional, right? i.e. in Ubuntu 8.10, it
*offers* updates to you every time you
log in. And (though I should know better),
I often ignore that message, so my systems
are days out of date.
Given how much malware is out there,
shouldn't security fixes for remotely exploitable
flaws be installed a bit more forcefully?
e.g. instead of an ignorable notification,
how about an in-your-face dialog saying
they're going to be installed now?
Or in some cases even just silently installing them?
This goes not just for distros; any ISVs is on
the hook for rapid security updates these days,
I would think.
This isn't an idle question... the ISV I work
for is pondering how to package its app
and how to push out security updates to all customers
I can't recall any standard mechanisms to make this
happen other than, um, having the package install
a daily crontab script to update itself via the appropriate
"apt-get install foo" or "yum install foo" command.
(That sounds awful forceful, but I think lots of shops
do this kind of update of the whole system, so perhaps
an ISV doing it for just their one app wouldn't be too
to post comments)