LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

September 2017

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS September 2017

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA ... on SL6.x and Older
From:	Keith Lofstrom <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Sat, 23 Sep 2017 12:52:59 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (55 lines)

On Tue, Sep 19, 2017 at 11:47 PM, Bill Maidment <[log in to unmask]> wrote:
> So much for security issue support for 10 years. Probably best to assume
> only 7 years in real life.

On Wed, Sep 20, 2017 at 07:24:25AM -0700, Akemi Yagi wrote:
> Here's the description about "Production 3 phase":
> "During the Production 3 Phase, Critical impact Security Advisories
> (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be
> released as they become available. Other errata advisories may be delivered
> as appropriate."
> So, yes, not all security updates are available once RHEL (therefore
> Scientific Linux) goes into that phase.

In a larger sense: how much work is it to semi-automate
the process of backporting all these security fixes from
SL6 and SL7 to earlier distros? 

This isn't in RedHat's best interest.  They want to keep
selling software, and benefit from churn.  Their biggest
customers benefit from thirty second shorter boot times
across 100,000 machines (cough systemd cough).   

Most of us are not big customers, and only upgrade to
fix security flaws.  New "features" like Gnome 3 tablet-
oriented gestures are interruptions to workflow and the
reason I make donations to the MATE project rather than
purchase products from RedHat.  New "features" are new
vulnerabilities, especially if the criminals have more
time to analyze new features than we do.

While SL7 follows what RedHat does (and rightly so), 
perhaps there are enough of us here (and using CentOS 
for similar reasons) to fork a "superstable" distro
and pay a few people to support the fork. 

For example, I spend more hours than I would like
struggling to learn about systemd (after more than three
decades of SysV).  I worry about having to learn about
systemd's replacement in SL8 or SL9.  For me, computing
is a utility.  I crunch numbers, not "tweet" (or "twang"
or whatever will be stylish in 2027), and prefer to change
how I do it as often as I change electrical wall sockets
and plugs.  I prefer to leave a numerical code legacy
that is useful (or at least testable) three decades
from now, which does not die when Stephen Wolfram does.

Sigh.  Many 20th and early 21st century "accomplishments"
are best forgotten.  Perhaps Linux, and our work based on
it, will be forgotten as well.

Keith

-- 
Keith Lofstrom          [log in to unmask]

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV