[Olpc-sysadmin] Policy for kernel updates
Ed McNierney
ed at laptop.org
Tue May 19 17:43:50 EDT 2009
Luke -
Thanks for raising this issue. For the past few weeks dogi has been
working on putting together a complete table of servers, systems, and
services we're supporting. They're growing like weeds, and it is
getting harder and harder to maintain base operating systems because
we don't really have a good handle on what's running where, why it's
important, and what we need to do to keep it running. This has made
it almost impossible to keep current with updates - we don't know what
an update would potentially affect, and therefore we don't know how to
either properly prepare for or test an update.
I have been trying to go through his draft list and fill in the
blanks; when I do that I could use assistance in filling in the
remaining gaps. We desperately need to reduce the number of systems
we're supporting so we can actually support the ones we need well.
I'm hoping to get that list reviewed this week and will circulate it
here as soon as I can.
- Ed
On May 19, 2009, at 5:34 PM, Luke Faraone wrote:
> Hi all,
>
> Every once in a while an update like http://www.debian.org/security/2009/dsa-1800
> comes out for the Linux kernel. These are important updates which,
> if not applied, can greatly reduce our security. Unlike other
> services, the kernel cannot be "warm-reloaded" at this time, and so
> any new kernel version requires a system reboot.
>
> We need to develop a policy for handling these reboots and applying
> updates to reduce the possibility of an exploit.
>
> --
> Luke Faraone
> http://luke.faraone.cc
> _______________________________________________
> Olpc-sysadmin mailing list
> Olpc-sysadmin at lists.laptop.org
> http://lists.laptop.org/listinfo/olpc-sysadmin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.laptop.org/pipermail/olpc-sysadmin/attachments/20090519/f5852fc6/attachment.htm
More information about the Olpc-sysadmin
mailing list