George Magklaras wrote: > I am not sure I would agree with either of the solutions presented in > the thread. I understand that your systems need extra security. However, > there is security in terms of availability and security in terms of > confidentiality. To rely on a system to be available, just by upgrading > the kernel is not a good idea. glibc, module-init-tools, and other > dependences might introduce problems to the system if you just upgrade > the kernel, especially if you do development work (compilers, dev libs?) > You need a proper way to handle the dependencies for these things. I dunno. Over the years, I've upgraded my kernel a number of times. Yep, I did also have to do binutils, and a few others, but I never had a problem compiling. > > If your employer wants the best solution about keeping RHEL systems > up-to-date in a secure way, that should provide a proper RHN Satelite > Server. It is essentially an advanced proxy server that stands between > your system and the Internet and allows controlled upgrades. The > procedure to obtain and setup this is given here: > https://www.redhat.com/rhn/ > > and at the bottom you should find various whitepaper links that give you > an idea about what to expect when you implement this. *sigh* I'm literally learning about that today at work - the distributed, freeware version is Spacewalk. mark -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
