Re: its easier to rant to get quoted than it is to do some research (Oracle Patching)

  • From: Niall Litchfield <niall.litchfield@xxxxxxxxx>
  • To: bdbafh@xxxxxxxxx
  • Date: Wed, 25 Jan 2006 22:16:20 +0000

On 1/25/06, Paul Drake <bdbafh@xxxxxxxxx> wrote:
>
> I tend to agree with this gentleman:
> "At least with a quarterly process you know when the next release is
> coming and you can schedule the deployment work well ahead of time," Nirnay
> Patil, DBA for Boston-based wireless communications provider American Tower
> Corp., said at the time. "You can work out the manpower issues and all that.
> And when the patches come out, there's time to test things more carefully."
>
>
I tend not to. At least I agree that patching things once a quarter is not
unreasonable, I can't believe that patching things several years after they
are reported is sensible. Then there are the changing advisories and
checksums. Sadly I suspect that Oracle will get security between 3 and 6
months after oracle databases are widely penetrated. Given that my id, my
benefits, my employment details etc depend on Oracle databases this scares
me silly.

The 3 -6 months by the way is the timescale where the supplier blames the
customers for not applying all of the 344 one off patches after testing them
first.


--
Niall Litchfield
Oracle DBA
http://www.niall.litchfield.dial.pipex.com

Other related posts: