RE: applying security patches
- From: "Schultz, Charles" <sac@xxxxxxxxxxxxx>
- To: <joseph.armstrong-champ@xxxxxxxxx>, "ORACLE-L" <oracle-l@xxxxxxxxxxxxx>
- Date: Wed, 2 Aug 2006 15:10:29 -0500
All three of those are issues that any shop is going to deal with
migrating any type of change through the life-cycle. Or at least, any
shop that follows any type of developmental standards. *grin*
Our problem with the security patches are not the users, but the DBAs
(and I am one of them). We have to choose between a critical bug fix or
a patched security hole, because invariably a Security CPU is not
compatible with a bug fix, and it takes months for Oracle DEV to merge
them, at which point, another CPU comes out.
Sounds like Oracle DEV is facing the same issues that your users are
(too busy to test all changes).
Call me cynical (or call me realistic).
-charles schultz
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Joe Armstrong-Champ
Sent: Wednesday, August 02, 2006 3:00 PM
To: ORACLE-L
Subject: applying security patches
Does anyone ever get any problems from users who don't want to apply the
cpu patches? For example, we have users who don't want to apply them
because:
1. the test system is different from the prod system (application-wise,
not system-wise) 2. testers are busy on other things and can't take time
to test the security changes 3. the prod system is in the middle of a
critical process and no changes can be made for some time period
sometimes up to 4 weeks.
Issue #1 concerns me and leads to the question of what type of testing
do people require before installing the patch in prod.
I don't have a lot of sympathy for #2 since the patches are security
related and have big implications if not applied.
Number 3 is also valid. Not sure what to do about this.
Comments appreciated.
Joe
--
//www.freelists.org/webpage/oracle-l
--
//www.freelists.org/webpage/oracle-l
Other related posts:
