[geeks] Policy for system / package upgrades in Enterprise

Katrina Gawas katrina.gawas at gmail.com
Thu Jul 29 04:31:46 CDT 2010


Thanks Andrew. It looks like we have made a bad choice of OS. What
would you suggest would be a better choice of OS? Especially keeping
in mind that we would want to adhere to ISO 27k requirements.

Thank you in advance,
Katrina


On Wed, Jul 28, 2010 at 2:26 AM, Andrew Jones <andrew at jones.ec> wrote:
> On Mon, Jul 26, 2010 at 06:49:52PM +0530, Katrina Gawas wrote:
>> Hi All,
>>
>> We are trying to set policies for system / packages upgrade in our
>> company. Currently most of our systems have Ubuntu 8.04LTS server.
>> What do you think should be the policies in regards to the following:
>>
>
> If these policy questions are even a concern for your firm, you should dump
> Ubuntu sooner rather than later.  You are not Ubuntu's target audience.
>
>> * Upgrading of packages? Say as per some requirement developers need
>> java6u20 on production machines and currently Ubuntu 8.04 LTS only
>> supports java6u6. There is one view from our IT head that one should
>> upgrade the OS to keep up with the package requirement. Is this
>> correct/viable?
>
> You will be maintaining your own package trees regardless.  Canonical
> only offers support and patches for a very specific set of packages.
> Anything outside their core set of packages goes unpatched.
>
> In other words, go nuts.  You'll have to maintain your own Java packages to
> stay on top of security holes anyway.
>
> Needless to say, maintaining your own package trees will be
> labour-intensive.
>
>> * Upgrading of OS? Ubuntu 8.04 LTS support will be available for a few
>> more years. What should be the proposed OS change cycle? Or should
>> only parts of the OS stack be updated as per requirement?
>
> Having been forced to use Ubuntu in production, I would never recommend
> upgrading an existing system.
>
>> * Should any of the above policies vary if we want to strictly
>> implement ISO 27001 considerations (http://www.iso27001security.com/).
>>
>
> In my own work, I consider Ubuntu support to be strictly a "best effort"
> endeavour. I can't imagine what hoops you would have to jump through to
> feel comfortable that you had satisfied ISO 27k requirements.
> _______________________________________________
> GEEKS:  http://www.sunhelp.org/mailman/listinfo/geeks


