[Dshield] Heterogenous patch management

Kenneth Porter shiva at sewingwitch.com
Thu Sep 25 20:01:37 GMT 2003


--On Thursday, September 25, 2003 12:55 PM -0600 Kenton Smith
<ksmith at chartwelltechnology.com> wrote:

> I realize that there are ways to patch without having to compile source
> code. However, I can't use RHN on BSD, if there's one for Solaris it
> won't patch my Red Hat systems. This is where the added complexity
> arises. If I only had Red Hat systems, I could use RHN, but then I'd end
> up with a homogenous system again, which according to the paper, is a
> security risk.

So are you saying you want a single patch system that manages patches from
many vendors?

I can't imagine Sun not having some kind of automated patch system like RHN
and Windows Update, *for Sun systems*. Commercial distros of BSD are likely to
implement one to compete.

> > If a vulnerability is released for IIS, I used to run
> > my patch management software and get them all patched. This was one easy
> > step and I could schedule it for any time of the day or night. I still
> > do for IIS

So now you'd have 4 patch systems, one per vendor.



