----- Original Message ----- > From: "Frederick Gleason" <[email protected]> > On May 10, 2015, at 14:14 40, Jay Ashworth <[email protected]> wrote: > > One is that a more up to date kernel/os is more secure against > > attacks. > > FWIW, RedHat (and hence CentOS) are *very* proactive about feeding > security fixes (including back ported kernel fixes) into the update > pipeline. That being the case, you can regard any Broadcast Appliance > setup (CentOS 5 or 6) as being every bit as ‘secure against attacks’ > as any brand new setup (assuming, of course, that you actually > *install* the updates as they come down).
Ok, sure. But -- and I should have said this explicitly in the original post -- *I don't leave automatic updates on* on such machines either. Once I have the machine configured, tested and working, *NOTHING CHANGES* unless and until I have time to install such updates and requalify it. Nothing. At all. I can't explain to you what percentage of the problems I have had to fix for people for money in the last 20 years were due to automatic updates breaking stuff, but it's measurable. Nobody dies if the on-air playout machine falls over. (Well, except maybe the CE :-) But it's still on the Critical Path. And you Don't Mess With The Critical Path. :-) > > This is *why* it's an appliance: because that keeps its complexity down > > far enough that the people who assembled it can reasonably do all the > > support you need on it. > > Preach it, Bro! :) > > Bottom line: while the system is indeed there to entertain, it’s not > there to entertain *you* (or the operator), but rather your > *audience*. You want the base Linux environment (desktop, utilities, > etc) to be as stodgy and boring as possible, ‘cause that means you’ve > got a better chance that it will also be *stable*. Not for you are > spinning 3D cubes on the desktop! Pretty much. Cheers, -- jr 'Can I get an Amen!?' a -- Jay R. Ashworth Baylink [email protected] Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274 _______________________________________________ Rivendell-dev mailing list [email protected] http://caspian.paravelsystems.com/mailman/listinfo/rivendell-dev
