It's just as important to patch internal boxes, if not more important. 80 percent of network attacks come from the inside; a firewall and patched external boxes do you no good if someone takes it down from the inside.
Trevor

> To which I again point at the Mandrake 9 install thread.
>
> Neither system is perfect, period.
>
> Back to the platform standardization issue, I only have 1 platform to
> test across. Compaq deskpro EVO 1.7 w/ 512 Megs of RAM. Other boxes
> are non-production, or whatever.
>
> Further, I generally do not need to immediately apply patches. Sure, if
> Apache has some major issue come out, then I'll patch it on external
> facing boxes. But I can wait a while before patching a BIND
> vulnerability on a box that runs internally only. Others can find
> problems for me, thanks...
>
> Kev.
> ----- Original Message -----
> From: "Jesse Kline" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, December 02, 2002 11:54 AM
> Subject: Re: (clug-talk) Linux Work
>
>> Quoting Kevin Anderson <[EMAIL PROTECTED]>:
>>
>> > Would you install something onto a production box without testing it first?
>> > I test everything before it goes into production. Therefore,
>> > actually emerging the app doesn't worry me, because I know it will
>> > compile correctly, and install in my environment. I've already done
>> > it in test.
>>
>> There is a difference between you testing a package for a couple
>> hours, and having it tested by a distributor. Before a version of Red
>> Hat/MDK/whatever comes out, the packages are tested by the author, in
>> the lab, in alpha tests, in beta tests, etc. Then once the distro. has
>> hit the market it is tested by thousands of other people. I love having
>> a system with the latest and greatest software but there are drawbacks.
>> Just because a new version is released doesn't mean that it has fewer
>> bugs than the old version. It could have a new bug that you missed, and
>> then fucks up your server. Whereas someone using Red Hat 7.3 or 8.0
>> still gets the security updates but also has the security of knowing
>> that their packages have been tested by thousands of people, and have a
>> better chance of working properly than something that was released
>> yesterday and is running in your production environment today.
>>
>> Jesse
