[sles-beta] php disappeared in beta6?

Pieter Hollants pieter.hollants at dfs.de
Thu May 15 08:19:26 MDT 2014 

Similar here. I had stupid discussions with so-called system managers that complained about RAID controllers requiring an admin intervention when a hard disk is plugged in, because they were expecting a JBOD mode that wasn't supported on that particular RAID controller (but on smaller models). When asked why in heaven's sake they would carry around hard disks, they said "well, to roll out updates". And added, external hard drives would be too slow, even with USB 3.0. When I asked how they tested USB 3.0 when no standard server from the big vendors supports USB 3.0 yet, the answer was "well we plugged in a USB 3.0 controller"... then again, I asked what sort of updates they distribute, that would need entire hard disks. The answer finally blew me: "Well, we dd the partitions over after we make changes. And no, we don't trust rsync."

So while this example anecdote of concrete wall-style administration is off-topic, it illustrates that we really do need ISOs. And I could live with "just one ISO with all addons" just as well. The process that won't work is that I manually collect RPMs from whatever online source, that won't scale.

And while in our case PHP is but a smaller culprit, it is imaginable that the decision affects eg. Python as well?

-----Ursprüngliche Nachricht-----
Von: sles-beta-bounces at lists.suse.com [mailto:sles-beta-bounces at lists.suse.com] Im Auftrag von Wendy Palm
Gesendet: Donnerstag, 15. Mai 2014 15:59
An: Richard Brown; sles-beta at lists.suse.com
Betreff: Re: [sles-beta] php disappeared in beta6?

We have many sites that are not connected to the internet due to security concerns.
All our systems are delivered and supported without direct network access.

I download all the security update rpms, package them together and provide them to our customers via a secure connection.
They load them onto a drive (or burn to cd/dvd) and transfer the files to the internal network to do the updates.

Unfortunately, one of our offerings does use php5, so requiring this registration and online access will inhibit our systems considerably.


> -----Original Message-----
> From: sles-beta-bounces at lists.suse.com [mailto:sles-beta- 
> bounces at lists.suse.com] On Behalf Of Richard Brown
> Sent: Thursday, May 15, 2014 8:38 AM
> To: sles-beta at lists.suse.com
> Subject: Re: [sles-beta] php disappeared in beta6?
> 
> On Thu, 2014-05-15 at 12:23 +0000, Pieter Hollants wrote:
> > And as long as your next German flight's security is guaranteed by 
> > months-taking software approval procedures, we need ISOs, not online 
> > repos.
> 
> Possibly a naive question, but with such a software approval procedure 
> how do you handle the deployment of software patches?
> 
> In high security environments, I totally understand the need to 
> prevent servers from direct internet access, but surely you still need 
> to apply patches to your servers? Isn't this even more important for 
> web scripting languages like PHP, which are often a common vector for 
> attack?
> 
> SUSE don't supply patches via ISOs, but provide SMT and SUSE Manager 
> to give ways of getting those patches to internet-disconnected 
> machines. It looks to me that Modules would slot into these two 
> products in the same way that Patch sources do.
> 
> (as an aside, SLE 12 in my test environment is autodetecting nearby 
> SMT and SUSE Manager servers and offering to register against them 
> instead of SCC. I haven't tested this yet)
> 
> I see some benefit of being able to install PHP via an ISO, but after 
> anything longer than a few weeks I'd be deathly concerned about 
> putting it in production, as it would be unpatched and therefore most 
> likely vulnerable.
> 
> Regards,
> 
> --
> -------------------------------------------------------------------
>   Richard Brown, QA Engineer
>   Phone +4991174053-361,  Fax +4991174053-483
>   SUSE LINUX Products GmbH,  Maxfeldstr. 5,  D-90409 Nuernberg
>   Geschaeftsfuehrer: Jeff Hawn, Jennifer Guild, Felix Imendoerffer,
>   HRB 16746 (AG Nuernberg)
> -------------------------------------------------------------------
> 
> 
> _______________________________________________
> sles-beta mailing list
> sles-beta at lists.suse.com
> http://lists.suse.com/mailman/listinfo/sles-beta
_______________________________________________
sles-beta mailing list
sles-beta at lists.suse.com
http://lists.suse.com/mailman/listinfo/sles-beta

DFS Deutsche Flugsicherung GmbH
Am DFS-Campus
D - 63225 Langen

Tel.: +49-(0)6103-707-0

Sitz der Gesellschaft: Langen/Hessen
Zuständiges Registergericht: AG Offenbach am Main, HRB 34977
Vorsitzender des Aufsichtsrates: Michael Odenwald
Geschäftsführer: Prof. Klaus-Dieter Scheurle (Vors.), Robert Schickling, Dr. Michael Hann

Internet: http://www.dfs.de
Public-Key der DFS: http://www.dfs.de/dfs/public_key.asc <http://www.dfs.de/dfs/public_key.asc>

More information about the sles-beta mailing list