"Steven M. Bellovin" wrote:
>
> A number of people have responded that they don't want to be forced to
> pay for a change that will benefit Verisign. That's a policy issue I'm
> trying to avoid here. I'm looking for pure technical answers -- how
> much lead time do you need to make such changes safely?
>
Merely install a new version of postfix on all MX servers? Assuming
that postfix itself has been modified as desired by VeriSign?

Well, let's see, in an emergency with the master mail server crashing
20+ times a day, I was able to get the support folks to scavenge parts,
build another machine, essentially talk them through cloning one of the
old NS machines, update it to latest system and BIND 9, run a few
rudimentary tests, and physically swap it in, all in just about 6 days.

(I probably could have done it myself in under a day, but I'm in
Michigan and they are in rural Mississippi. Also, you have to consider
that it's a 3.5 hour drive round trip to Memphis for any parts needed
on an emergency basis, and POPs are spread about an hour apart. Quick
installation is not in the cards.)

Of course, that was for BIND, not postfix, which would take longer.

To order a faster postfix frontend MX machine (we did), await delivery,
install and test and physically swap -- oops, they still haven't
finished install and test ... in 4+ weeks so far.

When they finish that, the same process on the machine swapped out,
lather, rinse, repeat until all machines are finished.

(Since the VeriSign emergency went away, there was a lot less pressure
to divert support from the jobs they are paid to do, or work overtime.)

Really, no matter how you slice it, money is at least as important to
lead time as the "pure technical answers".

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32