On 1/25/06, Paul Drake <bdbafh@xxxxxxxxx> wrote: > > I tend to agree with this gentleman: > "At least with a quarterly process you know when the next release is > coming and you can schedule the deployment work well ahead of time," Nirnay > Patil, DBA for Boston-based wireless communications provider American Tower > Corp., said at the time. "You can work out the manpower issues and all that. > And when the patches come out, there's time to test things more carefully." > > I tend not to. At least I agree that patching things once a quarter is not unreasonable, I can't believe that patching things several years after they are reported is sensible. Then there are the changing advisories and checksums. Sadly I suspect that Oracle will get security between 3 and 6 months after oracle databases are widely penetrated. Given that my id, my benefits, my employment details etc depend on Oracle databases this scares me silly. The 3 -6 months by the way is the timescale where the supplier blames the customers for not applying all of the 344 one off patches after testing them first. -- Niall Litchfield Oracle DBA http://www.niall.litchfield.dial.pipex.com