OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [suse-security] Suggestion to the SuSE security people
From: Bob Vickers (bobvdcs.rhbnc.ac.uk)
Date: Thu Oct 05 2000 - 05:23:37 CDT

It's quite hard to get the balance right between making it as easy as
possible for administrators (who may well not be experts) to keep
up-to-date with security fixes while avoiding the risk of damaging the
system by an over-enthusiastic application of updates.

One essential pre-requisite is that it must be possible for a utility to
distinguish between security updates and non-security updates; I'm not
sure if this is possible at present. And the suggestion about
distinguishing between external and internal threats is also a good one.

Given this it would be possible for autorpm (or something like it) to
ignore most updates and only apply (or offer to apply) security fixes.

Bob
==============================================================
Bob Vickers R.Vickersdcs.rhbnc.ac.uk
Dept of Computer Science, Royal Holloway, University of London
WWW: http://www.cs.rhbnc.ac.uk/home/bobv
Phone: +44 1784 443691

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com