[GRLUG] Volume of updates
Adam Tauno Williams
awilliam at whitemice.org
Sat Jan 5 17:49:47 EST 2013
On Fri, 2013-01-04 at 15:37 -0800, desert frag wrote:
> Has the frequency and volume of updates with various distros increased
> or decreased over the years?
No, I don't think so. To some degree the simple number of packages has
increased, so that brings with it a natural rise of the tide [as older
packages also continue to get updates].
> After a long hiatus I installed CentOS and various Ubuntu based
> versions a few months back thinking that many of the tweaks,
> improvements, security measures, etc had been refined, to the point
> that I hadn't expected much in the way of updates as in years past. I
> don't run that many programs but find myself surprised by how many new
> updates are available, far more than a typical Windows system has.
> Many of them seem to be security related, suggesting there's holes
> that seem to continuously crop up. What exactly is going on?
(a) I don't believe the volume of updates between LINUX-distro and
Windows differs that much.
(a.1.) Windows releases most updates on a schedule, only very critical
updates break the schedule. So the stream of updates for a LINUX-distro
seems more constant.
(a.2.) Windows updates are larger and target entire subsystems,
whereas LINUX-distro packages are much more granular. So again, the
number of updates is higher. I'm not sure the volume of 'data' is
higher. ".NET" at least receives a pretty steady stream of large-ish
updates.
(b) An average LINUX distro install provides *WAY MORE* software than a
typical Windows install [sigh.... just try actually *using* a Windows
machine to grind some vendor or suppliers data once you've used LINUX for
a few years.... Argh! One wonders how one accomplishes anything like
real work on that platform].
(c) Updates as a security issue is *WAY* overblown IMNSHO. Many
security updates address really corner cases that only apply to narrow
uses of specific packages under certain circumstances. Microsoft would
bundle such fixes together; LINUX distributions tend to let the updates
flow out more granularly.
My advice is to not-update-urgently. Updates, always, can break things,
and updates take time. So skip it. I update my own stuff about once a
month, on a lazy Friday where if something does break I have time to
notice and address it. Don't update Sunday night!
Watching LWN will typically tell you if there is a really urgent
security issue that needs to be addressed rapidly; but these are very
rare these days. And even those frequently have a 'temporary' work
around.
In general a good tiered design and use of tools like iptables and
SELinux / AppArmor are going to do 9,999,999,999,999^999 times more for
your security than 'staying-up-to-date'.
A current but poorly configured system without lax user credentials IS
FAR MORE *INSECURE* than an older system properly configured with good
policies.