[sles-beta] php disappeared in beta6?

Joe Doupnik jrd at netlab1.net
Tue May 20 04:02:29 MDT 2014


     As I review this thread I see two views, one certain and the other 
speculatively inferred.
     One is that the patch-now approach pervades SUSE's comments, versus the 
patch-if&when-appropriate of many customer comments.
     The speculative one is hinted at in Matthias' recent comments, 
which is that parts of SUSE really want SLE* to be tied to their 
SCC/SMT/Manager tool suites and are removing components to ensure this 
happens. I cannot understand otherwise the removal aspect.
     Joe D.

On 20/05/2014 10:06, Pieter Hollants wrote:
> Pardon if I draw into reality again but as you said yourself, it's an _assumption_ that it would be naturally in every site's interest to install patches as fast as possible. And that very assumption does not hold true for most of our safety-relevant ATC systems (and likely for other high security sites as well).
>
> As said before, by regulation and standards EVERY change, no matter how large or small, is subject to an intensive testing process that takes weeks to months. There is no such thing as "we trust our OS vendor, let's just click through these patches". And before someone points to the obvious contradiction of running unpatched systems: these systems have no external network connectivity whatsoever except serial interfaces and "enjoy" physical protection in such a way that even we as OS integrators have no access to the facilities (ie. no chance for live debugging). And yes, much of this is pretty braindead but it's the way things are for any near time to come.
>
> So again, we need ISOs with defined content. Feel free to offer up-to-date {PHP,Python,Ruby} in separate repos with separate support policy but keep a base version on the installation media.
>
> -----Original Message-----
> From: sles-beta-bounces at lists.suse.com [mailto:sles-beta-bounces at lists.suse.com] On Behalf Of Richard Brown
> Sent: Tuesday, 20 May 2014 10:45
> To: Darren Thompson
> Cc: sles-beta at lists.suse.com
> Subject: Re: [sles-beta] php disappeared in beta6?
>
> Darren,
>
> On Tue, 2014-05-20 at 07:29 +1000, Darren Thompson wrote:
>> Richard
>>
>>
>> Good point and I will concede that the "outcome" seems to be
>> identical.
>>
>>
>> 1. How do you register the server to SMT during the normal installation
>> workflow (I seem to have missed the option where you specify the SMT
>> server URL in that registration form)?
> It is my understanding (ie. do not consider this official or certain by any means..speculation only!) that the forthcoming updates to SMT and SUSE Manager will include a mechanism by which SLE 12 machines are able to auto detect the presence of a nearby SMT/Manager machine.
>
> I understand that the results of this auto detection are presented at the point of registration (before SCC is contacted) with the user able to choose to register against SMT/Manager instead.
>
>> 2. Now what about small sites that do not have SMT installed and don't
>> allow internet access
> That's a good question, but it leads me to ask another one - how is this small site expecting to patch their system?
>
> Whatever the answer is to that question, is how I expect them to be able to add the Module to their system.
>
> One of the recurring trends in this discussion appears to be a reluctance to install patches. I find this baffling. I understand the realities of System Administration, having done it for over 10 years and never managing to patch everything as fast as I wanted to, but I still patch, and patch regularly.
>
> This isn't just a counter to product defects and quirky scenarios, but very real and ever present security risks - the kind of thing that potential miscreants can and will try to use to get into your precious SLE Server, regardless of whether it's Internet connected or 'just' on your LAN.
> Heartbleed might not have impacted SLE 11, but there is always a chance that the 'next big scare' could. Can you patch your systems fast enough?
>
> I think it's probably safe to say that it is an assumption by myself and my colleagues at SUSE that every one of our customers is going to patch their machines, at least sometimes. That is, after all, something customers are paying us for - the timely provision of tested patches for the platform.
>
> Modules (especially the Web Scripting Module which spawned this discussion), fit into that assumption. You really don't want to run an old version of PHP, do you?
>
>> 3. Fundamentally, what is "wrong" with assuming the installation media
>> is sufficient to build a server?
> Nothing, but conversely, what is fundamentally wrong with assuming that there is some mechanism available for patching, and using that as the primary method of delivering a small subset of packages?
> Especially when that small subset of packages is a fast-moving, often-attacked, web software stack, where customers are likely to want regular updates for both new features and security patches?
>
> Regards,
> 	- Richard
>
> --
> -------------------------------------------------------------------
>    Richard Brown, QA Engineer
>    Phone +4991174053-361,  Fax +4991174053-483
>    SUSE LINUX Products GmbH,  Maxfeldstr. 5,  D-90409 Nuernberg
>    Managing Directors: Jeff Hawn, Jennifer Guild, Felix Imendoerffer,
>    HRB 16746 (AG Nuernberg)
> -------------------------------------------------------------------
>
>
> _______________________________________________
> sles-beta mailing list
> sles-beta at lists.suse.com
> http://lists.suse.com/mailman/listinfo/sles-beta
>
> DFS Deutsche Flugsicherung GmbH
> Am DFS-Campus
> D - 63225 Langen
>
> Tel.: +49-(0)6103-707-0
>
> Registered office: Langen/Hessen
> Competent register court: AG Offenbach am Main, HRB 34977
> Chairman of the Supervisory Board: Michael Odenwald
> Managing Directors: Prof. Klaus-Dieter Scheurle (Chair), Robert Schickling, Dr. Michael Hann
>
> Internet: http://www.dfs.de
> DFS public key: http://www.dfs.de/dfs/public_key.asc


