Jaigh Jaddo wrote: > There are several reasons for this. > > 1. Clearly there can be vulnerabilities that have not been fixed yet > or have been fixed and there has not been a package created yet. In > this case I would access my risk and disable the vulnerable service > as needed. > > 2. I am running a large enterprise and cannot risk upgrading > packages unless there is a clear reason to do so (ie. Security > vulnerability). Doing a global yum update is risking for the > enterprise. It is fine at home. With that in mind, I have a few other suggestions and comments. Fedora may not be the most suitable OS for such a situation. RHEL or CentOS would seem like better candidates. Perhaps you have a need for newer software though. You may want to check out the yum-security and yum-changelog plugins, which may help you in determining which updates you want to apply. You can also filter the fedora-package-announce list for security related updates. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Every man should have a college education in order to show him how little the thing is really worth. -- Elbert Hubbard (1856-1915), "A Message to Garcia"
Attachment:
pgpprAQQWkGFJ.pgp
Description: PGP signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list