On 02/06/2015 07:26 AM, Lukas Reschke wrote:
>
>> On 06 Feb 2015, at 14:22, Arthur Schiwon <[email protected]> wrote:
>>
>> Also note, PHP 5.3 is dead:
>> http://de2.php.net/archive/2014.php#id2014-08-14-1
>
> Let me use that opportunity to state the fact that distributions will never
> be able to backport all security patches properly. The argument “but RHEL
> backports security fixes” is not really a valid one.
>
> A very good example is a security check for a problem fixed in PHP 2011 where
> I added an exploitability check in our installer and if the bug was still
> exploitable showed a big red security warning. The problem was then finally
> addressed 2013 in RHEL as well (was funny to see our users spamming the RHEL
> bug tracker)

I understand what you are saying, but it isn't valid in the context of systems where the user base expects 100% uptime. My systems undergo a reboot every 6 months and fail-over is such that I only reboot a few at a time. If I have done my job correctly, the user base doesn't know, but at the same time it is really tricky when users will run a computationally heavy job for +2 months at a time.

I rely on the front line defense for most of my security. Don't get me wrong, security patches are applied daily just in case, but I am still in mid-cycle for the 6.5->6.6 update for a /minor/ version release (I have 4 servers running a complex job for over a month and only about 60% done...I won't be updating them until that job finishes).

It has little to do with security and _everything_ to do with stability. :-/

Thanks!
~Stack~
_______________________________________________
User mailing list
[email protected]
http://mailman.owncloud.org/mailman/listinfo/user
