|From:||Dan Kegel <dank-AT-kegel.com>|
|Subject:||Shouldn't distros and ISVs ensure that security updates get deployed promptly?|
|Date:||Tue, 3 Feb 2009 23:41:50 -0800|
Security updates in current linux distros are optional, right? i.e. in Ubuntu 8.10, it *offers* updates to you every time you log in. And (though I should know better), I often ignore that message, so my systems are days out of date. Given how much malware is out there, shouldn't security fixes for remotely exploitable flaws be installed a bit more forcefully? e.g. instead of an ignorable notification, how about an in-your-face dialog saying they're going to be installed now? Or in some cases even just silently installing them? This goes not just for distros; any ISVs is on the hook for rapid security updates these days, I would think. This isn't an idle question... the ISV I work for is pondering how to package its app and how to push out security updates to all customers promptly. I can't recall any standard mechanisms to make this happen other than, um, having the package install a daily crontab script to update itself via the appropriate "apt-get install foo" or "yum install foo" command. (That sounds awful forceful, but I think lots of shops do this kind of update of the whole system, so perhaps an ISV doing it for just their one app wouldn't be too controversial. Ha.) - Dan
Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds