Fedora Security Process Model Question
Guy Fraser
guy at incentre.net
Thu Mar 3 20:54:30 UTC 2005
On Thu, 2005-03-03 at 11:17 -0500, Leonard Isham wrote:
> On Thu, 3 Mar 2005 06:32:11 -0700, Charles Curley
> <charlescurley at charlescurley.com> wrote:
> > On Wed, Mar 02, 2005 at 04:49:20PM -0500, Chris Strzelczyk wrote:
> > > Hello,
> > >
> > > I am a BSD user who inherited a couple Fedora web servers machines. I
> > > have a couple of questions on
> > > how to best get security updates in the quickest possible manner. I
> > > have been through the FAQ however, it
> > > doesn't answer my questions and I would like to get some real world
> > > answers from sys admins. I also want to
> > > decide if to keep Fedora on these machines or migrate to BSD.
> > >
> > > 1. What is the best/quickest way to get security updates for Fedora
> > > Linux? Although Redhat mentions to get errata
> > > thourgh redhat.com I see nothing for Fedora on the redhat support page.
> > > Is yum or up2date the only way to go?
> >
> > Yum is an excellent tool for each machine. You mention having several
> > machines. If they are full installations, you may find it minimizes
> > bandwidth consumption to start a local repository and point yum to
> > that. http://www.charlescurley.com/yum.html
> >
>
> There is a RPM for YAM which apparently automates this to some extent.
> I have not tried it myself and only recently found out about it.
>
> > >
> > > 2. Once Fedora goes to a new revision level (i.e. from core 3 to core
> > > 4) when do the experts recommend we update Fedora
> > > core 3? I believe updates stop a few months after the new revision is
> > > release. Does this include security updates?
> >
> > I believe it is several months after the next version is out. So FC(N)
> > is obsoleted several months after FC(N+1) is out. I had FC(1-3) all
> > running here for a while. Other than the obvious minor differences
> > between them, it was not a problem.
>
> OT: If longevity is a concern then one of the RHEL clones (CentOS,
> White Box Linux, etc.) may be something to look into.
>
> [snip]
...snip...
Forgive me for saying, but if you are more familiar with BSD, you may
want to move what you can to BSD in order to reduce your possible
exposure.
More information about the fedora-list
mailing list