[clug-talk] Enterprise Linux?
Mark Lane
mark at harddata.com
Tue Jan 25 06:44:38 PST 2005
Travis Rousseau wrote:
>
>> 2 days? You must have been using a mirror that's having problems.
>>
>> Why would your server be down? The dependency problems prevent you
>> from updating, they should not bring your system down. Your server
>> can still run on the older packages. In most cases, the updates are
>> released long before a viable exploit is written. If you need them
>> faster you can always patch the packages yourself. Or use a temporary
>> fix.
>>
>> I know there was an exploit for the recent PHP bug that came out about as
>> soon as it was announced but the exploit required bugs in both the
>> application (like phpBB) and PHP. The patch for phpBB was released
>> pretty much right away and as long as you applied it you were safe.
>>
> It was an exploit in cups (we got hit the same day the first update was
> released for fc3) it caused a DoS every time we brought back up the
> computer tried to download the update we got a discrepancy if we put
> it back online it would get the DoS; we had to wait 2 days till the
> discrepancy was fixed.

Yeah, I remember that dependency problem. Did you try looking for the
required package in testing?

I am sorry to hear that, but you do realize you shouldn't be running a
cups server straight on the net like that. If you were running a cups
server on your private network it would be trivial to block any DoS
attacks coming in on that/those port(s). Even if you do have the machine
on the net, you could easily just boot up without cupsd running or set
your iptables to drop packets from anyone not authorized to print on
that machine. Any of these solutions could be implemented in 10-20
minutes, so 2 days of downtime is really not required.

I am not really defending Fedora here; they definitely have a few
wrinkles to work out in their release mechanism, but there really haven't
been that many problems.

BTW, if your server is that important that it can't be down for an
extended period of time, you need to add some redundancy. What happens if
you get a CPU fan failure on a Saturday evening?
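
The iptables approach mentioned in the message above, sketched as an added example that is not part of the original post: a script that validates a list of authorized print clients and prints the rules for review instead of applying them. The chain name `CUPS-IN` and the sample addresses are assumptions; port 631 is the standard IPP port used by cupsd, which the post does not name.

```shell
#!/bin/sh
# Added example: print (not run) iptables rules limiting CUPS to listed sources.
# Assumptions: chain name CUPS-IN; port 631 is the standard IPP port cupsd uses.
IPP_PORT=631
CHAIN=CUPS-IN

# valid_source ADDR: dotted-quad IPv4, octets <= 255, optional /0-32 prefix.
valid_source() {
    printf '%s\n' "$1" | grep -Eq \
        '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets (digits and dots only by now)
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# cups_rules SRC...: validate every source first, then emit the ruleset.
cups_rules() {
    if [ "$#" -eq 0 ]; then
        echo "cups_rules: no authorized sources given" >&2; return 1
    fi
    for src in "$@"; do
        valid_source "$src" || { echo "cups_rules: bad source '$src'" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    echo "iptables -A $CHAIN -i lo -j ACCEPT"      # keep local printing working
    for src in "$@"; do
        echo "iptables -A $CHAIN -s $src -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j DROP"              # everyone else is dropped
    for proto in tcp udp; do                       # IPP over TCP, browsing over UDP
        echo "iptables -I INPUT -p $proto --dport $IPP_PORT -j $CHAIN"
    done
}

# Constructed sample usage: sh cups-rules.sh 192.168.1.0/24 10.0.0.5
if [ "$#" -gt 0 ]; then
    cups_rules "$@"
fi
```

Rules applied this way last only until the next reboot unless they are saved with the distribution's own mechanism.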