Re: CentOS 7 : broken dependencies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



> On Thu, 9 Apr 2020 at 09:34, Simon Matter <simon.matter@xxxxxxxxx> wrote:
>
>> > On Thu, 9 Apr 2020 at 08:40, Simon Matter via CentOS
>> <centos@xxxxxxxxxx>
>> > wrote:
>> >
>> >> > On Thu, Apr 09, 2020 at 11:06:45AM +0200, Nicolas Kovacs wrote:
>> >> >> Which leads me to the more general question of: enable CR on a
>> >> >> production
>> >> >> server, yes or no?
>> >> >
>> >> > Not on production.  Only for testing.
>> >>
>> >> I'm not sure. Running production environments without CR enabled
>> means
>> >> you're running without current security updates for quite some time.
>> >> Seems
>> >> a bad and risky idea to me.
>> >>
>> >>
>> > Like most things in the world, there is no single answer which will
>> > satisfy
>> > all the different demands that all the environments have. You have to
>> > weigh
>> > what each environment needs in terms of confidentiality, availability,
>> and
>> > integrity (or whatever 3 or 4 letter acronym your site uses) then
>> answer
>> > if
>> > it is a good idea or not. If you need high availability, then you are
>> > going
>> > to set things up where testing is done first then roll out of updates
>> is
>> > done. If you need high confidentiality, you may push out security
>> updates
>> > more and if you need high integrity, well you probably make the
>> waterfall
>> > model look simple in what you have to do to make sure anything changes
>> > anywhere.
>>
>> My reply was to the answer "Not on production.  Only for testing.".
>>
>> I didn't go into detail because I thought it's obvious that it's not so
>> easy. I didn't mean to blindly feed all CR updates to production
>>
>
> One thing I have learned in mailing lists is that it isn't always obvious
> and there is rarely anything which meets common sense. I have dealt with
> too many policies set at some site because the person read a comment on
> email/reddit/stack-overflow and didn't see the obvious nature of
> something.
> Instead they decided that the short nature was the MUST do and end up with
> replicating things which the original poster did not expect.
>
> Or sometimes happens someone does believe that it is as simple as they
> stated and no matter what they turn on CR for every system (or turn off
> all
> updates or whatever simple solution they expound as being the one true
> solution.)
>
> That said, I should have asked what you meant by that versus going for a
> high-horse response on my own. I apologize.

No problem, sorry for not being clear enough in my first answer. Anyway
such a discussion is good as it shows different views and can help us to
make smarter decisions.

In this particular case the question is not so much about CR but about
SCLO being production ready or not.

How about upstream, do they already have updated SCLO packages?

Regards,
Simon

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux