Jack VAN GORKUM wrote:
First, thanks for the PCA application. We have been using PCA for some
time now, and like the results (especially the HTML formatted reports).
Thanks for the feedback!
Can you send me the link to the actual forum (if there is one) as I
cannot find it.
There is none. Personally, I never got the hang of web forums - I hate
wading through 10 pages in a thread looking for the messages which I
haven't read yet. There's an archive for the mailing list, though, if
you're looking for past messages:
http://www.mail-archive.com/[email protected]/
We noticed several patches which show up on PCA that do not show up with
Sun's Update Manager. It turns out the more accurate report is PCA's
information.
Yes. Theoretically, Sun's UM should be better, as it has more
information about the patches. Practically, it still has issues with
false positives (patches which don't apply to a system) and false
negatives (it doesn't show some patches, even security, giving you a
false sense of safety) all the time.
When we contacted Sun, they informed us the following;
I'ma amazed about the reply you got. You must be an important customer.
"PCA utilises the patchdiag.xref file which is included with
patches. However, this file is dependent on being accurate in the first
place and (cannot be guaranteed to continue to be updated.)
Of course pca depends on the information provided by Sun in the
patchdiag.xref file. It isn't the only source it uses though - over the
time I've collected a big amount of extra rules for problematic patches
in pca itself.
For a long time, I was hesitating to add such "hacks", but at the end it
turned out to be a good thing. As more and more people started to use
pca, it was being run on a lot of different systems with exotic
installations and package sets. So sooner or later, if a patch shows up
wrongly, it got/gets reported to me and I add a workaround to pca for
that patch, usually on the same day. Over time, it got more and more
accurate like that.
The problem with UM's "patch realisations" is that your chance to get
one added or fixed is very low, and it usually takes weeks or months.
During that time, thousands of admins trip over the same problem and
waste a lot of time looking at issues which could have been solved
within minutes a long time ago.
Are there plans to modify PCA to use whatever patch realization method
(or info) Sun will guarantee to keep up to date ?
The problem with using the current patch realizations is that they
consist of (compiled) java code and are not documented, so there's no
way to use them with an external program.
The history of Sun's announcements of patchdiag.xref being removed is
long. There is no guarantee that the file will continue to be provided,
at least I can't give you that. If Sun stops providing the xref file
tomorrow, pca is dead as well. I'm pretty optimistic that this won't
happen soon, though. There are people at Sun which are fans of PCA.
Martin.
