On Tue, 2008-08-05 at 20:30 +0300, Dimitris Zilaskos wrote: > > Since the systems serving as file servers will be dedicated to that > purpose and thus not be accessible to others but only to staff, it is my > view that it would be adequate to run Sun provided kernels on them.
Indeed. That is how most of our installations run and thus only remote exploits are of the very critical nature. > For systems that act as clients and are open to users, I am evaluating the > patchless lustre client option under our workloads. If the performance > difference is acceptable, we may stick with it. Do you, or any other, have > any comment on this approach? Indeed, we highly recommend patchless clients, especially in cases where you need to remain absolutely current with errata kernels. In fact it would not be surprising if the need for security took precedence over any measurable performance impact patchless clients may have. Afterall, a performance problem at the client side can usually be remedied by adding more clients. There's no such remedy for security issues. b.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Lustre-discuss mailing list [email protected] http://lists.lustre.org/mailman/listinfo/lustre-discuss
