Fedora Security Process Model Question

[Leonard Isham]

On Thu, 3 Mar 2005 06:32:11 -0700, Charles Curley
<charlescurley at charlescurley.com> wrote:
> On Wed, Mar 02, 2005 at 04:49:20PM -0500, Chris Strzelczyk wrote:
> > Hello,
> >
> > I am a BSD user who inherited a couple Fedora web servers machines.  I
> > have a couple of questions on
> > how to best get security updates in the quickest possible manner.  I
> > have been through the FAQ however, it
> > doesn't answer my questions and I would like to get some real world
> > answers from sys admins.  I also want to
> > decide if to keep Fedora on these machines or migrate to BSD.
> >
> > 1. What is the best/quickest way to get security updates for Fedora
> > Linux?  Although Redhat mentions to get errata
> > thourgh redhat.com I see nothing for Fedora on the redhat support page.
> >  Is yum or up2date the only way to go?
> 
> Yum is an excellent tool for each machine. You mention having several
> machines. If they are full installations, you may find it minimizes
> bandwidth consumption to start a local repository and point yum to
> that. http://www.charlescurley.com/yum.html
> 

There is a RPM for YAM which apparently automates this to some extent.
 I have not tried it myself and only recently found out about it.

> >
> > 2. Once Fedora goes to a new revision level (i.e. from core 3 to core
> > 4) when do the experts recommend we update Fedora
> > core 3?   I believe updates stop a few months after the new revision is
> > release.  Does this include security updates?
> 
> I believe it is several months after the next version is out. So FC(N)
> is obsoleted several months after FC(N+1) is out. I had FC(1-3) all
> running here for a while. Other than the obvious minor differences
> between them, it was not a problem.

OT: If longevity is a concern then one of the RHEL clones (CentOS,
White Box Linux, etc.) may be something to look into.

[snip]

-- 
Leonard Isham, CISSP 
Ostendo non ostento.