[gpfsug-discuss] GPFS 5 and supported rhel OS

Skylar Thompson skylar2 at uw.edu
Mon Feb 24 23:58:15 GMT 2020


On Sun, Feb 23, 2020 at 04:58:03PM -0500, Valdis Klētnieks wrote:
> On Sun, 23 Feb 2020 12:20:48 +0000, Jonathan Buzzard said:
> 
> > > That's not *quite* so bad.  As long as you trust *all* your vendors to notify
> > > you when they release a patch for an issue you hadn't heard about.
> 
> > Er, what do you think I am paid for? Specifically it is IMHO the job of
> > any systems administrator to know when any critical patch becomes
> > available for any software/hardware that they are using.
> 
> You missed the point.
> 
> Unless you spend your time constantly e-mailing *all* of your vendors
> "Are there new patches I don't know about?", you're relying on them to
> notify you when there's a known issue, and when a patch comes out.
> 
> Red Hat is good about notification.  IBM is.
> 
> But how about things like your InfiniBand stack?  OFED? The firmware in all
> your devices? The BIOS/UEFI on the servers? If you're an Intel shop, how do you
> get notified about security issues in the Management Engine stuff (and there's
> been plenty of them). Do *all* of those vendors have security lists? Are you
> subscribed to *all* of them? Do *all* of them actually post to those lists?

We put our notification sources (Nessus, US-CERT, etc.) into our response
plan. Of course it's still a problem if we don't get notified, but part of
the plan is to make it clear where we're willing to accept risk, and to
limit our own liability. No process is going to be perfect, but we at least
know and accept where those imperfections are.

-- 
-- Skylar Thompson (skylar2 at u.washington.edu)
-- Genome Sciences Department, System Administrator
-- Foege Building S046, (206)-685-7354
-- University of Washington School of Medicine


