[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: yum plugin suggestion or yum change?



Jeff Spaleta wrote:
> On 12/5/05, Nicolas Mailhot <nicolas.mailhot> wrote:
>> Do you know why windows security sucks ? It's not because the patches
>> does not exist, it's just that applying them has historically been so
>> painful people do not bother. Why are you purposefully making yum use
>> painful as well ?
> 
> I'm really not sure why you decided to through this in...but I'll
> bite. Yes or no... does Microsoft's XP auto updater understands the
> difference between critical and non-critical updates and does it offer
> all available updates as part of automated facility?
> 
> Does MS's updater allow some critical updates to fail?

The microsoft updates follow two modes :

A fully automated
B separate fixes with long explanations and detailed procedures

A sometimes makes mistakes but everyone uses it. That's what yum should be

B is akin to the mode you'd like people to follow when yum fails. It was
MS default system for years because they didn't trust automation. And
almost no one was using it because most people prefer an insecure system
to one which forces them to 'investigate" problems manually all the time.

Now MS force-feeds updates to everyone even if they sometimes fail,
because the end result is orders of magnitudes more secure than not
automating fully and expecting people to clean up manually afterwards.

« Le mieux est l'ennemi du bien » as we say in French. Meaning if you
always strive for perfection, you'll never achieve good enough state.
Most of the times "good enough" is the right goal. On paper people
investing manually every update problem is the best solution. In the
actual world they won't investigate no matter what, so by striving for
perfect security you're only achieving the reverse.

-- 
Nicolas Mailhot


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]