Re: "Upgrading only takes a few minutes" Re: Upcoming OpenSSH vulnerability

["veins" <veins@skreel.org>]

It depends of the box you are willing to upgrade, sometimes you just better
loose an hour
upgrading a dozen of sshd than loosing twenty hours recovering backups
because you've
either been compromised, either are unsure about the integrity of that very
important
system with all the confidential customers databases.

My point of view would be that, since i'm paid to admin a dozens of box, i'd
better do it
and have a peaceful mind than upgrading one and worrying about what might
happen if
someone got to know i wasn't up to date.

Also, having shell scripts to automate the uploading and applying of a patch
isn't that hard
to write...

-- veins
a bofh said: I too can bore you with useless encrypted keys...
"? ssa ruoy pu ti evohs dna yek pgp ruoy ekat uoy t'nod yhw"


----- Original Message -----
From: "Adrian Close" <adrian@close.wattle.id.au>
To: "veins" <veins@skreel.org>
Cc: <misc@openbsd.org>
Sent: Wednesday, June 26, 2002 3:34 AM
Subject: "Upgrading only takes a few minutes" Re: Upcoming OpenSSH
vulnerability


> On Wed, 26 Jun 2002, veins wrote:
>
> > upgrading only takes a few minutes  :)
>
> I know you mean this good-naturedly, but spare a thought for those of us
> with more than one OpenBSD box in production use.
>
> It may only take a few minutes to upgrade one system, but when you have a
> whole raft of systems, deciding whether you _need_ to devote a whole day
> or more to applying patches (not to mention the downtime involved,
> especially if something goes wrong) is a significant question.
>
> Adrian Close email: adrian@close.wattle.id.au
> 1 Old Gippsland Rd. web: http://www.close.wattle.id.au/~adrian
> Lilydale, VIC, 3140, Australia mobile: +61 412 385 201