On Tue, 20 Apr 2010, Charles Jones wrote: > Having a high uptime does not necessarily mean that there have been no > security updates, since you can update almost everything without a reboot. > Granted a reboot is required to update the kernel itself, but if your server > is decently hardened and firewalled, exactly which kernel exploits are you > vulnerable to?
The fact that it is possible doesn't mean that it is probable. I agree that your way is preferable, but the folks here only react to things that are broken. Security updates to fix even a small chance of a break in don't tend to happen. The odds are low, but the risks are dollar amouunts much greater than I will earn in my lifetime. > I had a server that was online for over 1300 days, until it was rebooted by > datacenter power issues. Since it rebooted anyway, I took the opportunity to > install the only package that was not up to current, the linux-kernel. Did I > suddenly feel safer? Not really :) It's about risk management. I don't want to be on the hook for not following "best practices". -- Matt It's not what I know that counts. It's what I can remember in time to use. _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
