On 4/18/2013 11:56 AM, Bob Proulx wrote: > I don't think uptime challenges are useful. It makes people want to > do something that they shouldn't want to do.
Uptime is about continuous availability and reliability of infrastructure, systems, and software, with least disruption to users, and minimizing administrator workload. Hans and I have been speaking from that perspective. This isn't a manhood measurement contest. > When kernel security > upgrades come along just install them and reboot. First, why would one install such patched code if it's not part of the installed kernel? Second, your methodology doesn't scale. For large scale operations installing new kernel patches every few weeks simply isn't financially feasible/responsible. Even a junior admin's salary is better spent on things other than managing mass kernel upgrades. If one builds minimalist kernels one dramatically decreases frequency of mandatory kernel security patches. The security related flaws are typically in subsystems that are not part of a minimalist kernel. As a parting note I know of Postfix relays that have run continuously for over 6 years with no updates of any kind. A kernel with no TCP/UDP security related code flaws (pretty rare for Linux), Postfix in chroot, TCP 25 open inbound from public network, and TCP 22 open only on the management network. If the hardware and power hold up such a system can run indefinitely without a security exploit and without kernel patches. -- Stan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/5170ba97.2050...@hardwarefreak.com