Yes, but with the Linux tree updates, identifying the actual issue and who has the authority to change / update / do it right can be challenging. Debian had the Drupal CMS in their distributions for years and despite many attempts we could not get that thing out of there despite it being old/unsecure/not-desired, all because some guy refused to remove it from the repo.
At least with MS OS and Applications we have a central point. We have had very few actual patch related issues. We have had many claims that the issues were patch related but when drilled down on turned out to generally be not a patch issue. Vendors need to get on the bandwagon and begin to leverage the tools Microsoft has supplied them but I don't really agree that the Linux world has done this better. It really all gets down to which *nix distro you are using and which repositories you pick as to if they work or not.

Steven Peck
http://www.blkmtn.org

On Tue, Jun 15, 2010 at 3:38 PM, Ben Scott <[email protected]> wrote:
> On Tue, Jun 15, 2010 at 5:48 PM, Steven Peck <[email protected]> wrote:
>> You are essentially relying on 'some' <random maintainer>
>> to be doing something 'right' or at least agreed on and that their
>> choices will not nuke your existing configuration.
>
>   Well, unless you write all software you use yourself, you're always
> relying on someone else to do it right.  :)
>
>   It's certainly true that package maintainers can make mistakes.  (As
> you may have noticed, proprietary software companies aren't perfect
> either.  <grin>)  However, one nice thing about strong package
> management is that it's very easy to automate things like integrity
> checking to detect mistakes -- often even preventing them from causing
> damage.
>
>   For example, on our Linux boxes, every program file is "owned" by a
> particular package.  If another package tries to install another copy
> of some library, RPM will detect that during pre-install and abort,
> saying the new package has a file which conflicts with an
> already-installed package.
>
>   The tools used to build RPM packages include things which
> automatically detect the libraries needed by an executable and note
> them as dependencies.
>
>   And assuming the packages contain correct information (the same way
> we assume Microsoft builds their MSIs correctly), there's all sorts of
> good things you get.
>
>   Say I want to uninstall foo, but something else depends on it.  RPM
> will refuse the uninstall, telling me exactly what "foo" depends on.
>
>   Or say I'm looking at a strange file, and I'm wondering what it's
> for.  For example:
>
>         /usr/lib/libpanel_g.a
>
>   I have no idea what that library is for.  But I can do this:
>
>         $ rpm --query --file /usr/lib/libpanel_g.a
>         ncurses-devel-5.5-24.20060715
>
>   So now I know it's from the "ncurses" development package.  If I
> didn't know what ncurses was, I can do:
>
>         $ rpm --query --info ncurses
>
> and read a description.
>
>   Take a look at C:\WINDOWS\SYSTEM32\ on a Windows box near you.  Can
> you tell me what every file is for?  Can you easily find out?
>
>   Or let's say you want to make sure Exchange has all the right
> versions of all the right libraries installed.  At *best*, you're
> running a purpose-built tool which checks that.  It's quite possible
> you're going to end up searching the hard disk for particular .DLL
> files and manually checking version numbers.
>
>   With RPM, I can do "rpm --verify --all".  That will check every file
> in every package, and tell me if it has been changed improperly (and
> if so, what changed); it will also report any broken dependencies.
>
>   Certainly, MSI has made things better, and Microsoft keeps improving
> it, so I have hope that we'll be able to do things like this on
> Windows some day.  But it's still years off, at best, I think, before
> the Windows ecosystem will really catch up on this front.  First
> Microsoft has to build the tools, and then the rest of the industry
> has to adopt them.
>
>   I'm not saying this is a sufficient condition to abandon Windows for
> Linux.  I'm just saying this is something Linux does better today, and
> that it's a model I hope the Microsoft world learns from and adopts.
>
> -- Ben
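An added example, not part of the original thread: a small triage script for the output of the `rpm --verify --all` check mentioned in the quoted message, separating expected config-file edits from packaged files whose content changed or that are missing. The function names and the sample output are constructed for illustration; the line layout assumed is the one documented in rpm(8).

```python
import re

# Position letters in rpm's verify string, as documented in rpm(8).
FLAGS = {"S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
         "U": "owner", "G": "group", "T": "mtime", "P": "capabilities"}
# Optional marker after the flags: c=config, d=doc, g=ghost, l=license, r=readme.
CHANGED = re.compile(r"^([SM5DLUGTP.?]{8,9})\s+(?:([cdglr])\s+)?(/.*)$")
MISSING = re.compile(r"^missing\s+(?:([cdglr])\s+)?(/.*)$")

# Constructed sample output; the package and file names are made up.
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/share/doc/example/README
..5....T.    /usr/bin/example-tool
missing      /usr/lib/libexample.so.1
Unsatisfied dependencies for example-1.0-1.noarch: libexample.so.1
"""

def parse_verify(output):
    """Turn `rpm --verify` output into a list of finding dicts."""
    findings = []
    for line in output.splitlines():
        line = line.strip()
        if (m := MISSING.match(line)):
            findings.append({"path": m[2], "kind": m[1], "changed": ["missing"]})
        elif (m := CHANGED.match(line)):
            changed = [FLAGS[c] for c in m[1] if c in FLAGS]
            findings.append({"path": m[3], "kind": m[2], "changed": changed})
        elif line.startswith("Unsatisfied dependencies"):
            findings.append({"path": None, "kind": "dependency", "changed": [line]})
    return findings

def triage(findings):
    """Paths to review first: non-config files whose content changed or vanished."""
    urgent = []
    for f in findings:
        if f["path"] is None or f["kind"] == "c":
            continue  # dependency note, or a config file an admin is expected to edit
        if "digest" in f["changed"] or "missing" in f["changed"]:
            urgent.append(f["path"])
    return urgent

if __name__ == "__main__":
    for finding in parse_verify(SAMPLE):
        print(finding)
    print("review first:", triage(parse_verify(SAMPLE)))
```

On a real host the input would be the captured output of `rpm --verify --all` rather than `SAMPLE`.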
