I view the delays during launch and the extra time spent during updates as a “load on the system.”
Also, it entirely depends on your deployment environment. I develop system images that go out on thousands of devices deployed in “Cybersecurity Sensitive” environments, meaning: we have to document what’s on the system and justify when anything in the SBOM (list of every software package installed on the machine) is identified as having any applicable CVEs… soooo… keeping old versions of software anywhere on the machine is a problem (significant additional documentation load) for those security audits. Don’t argue with logic, these are our customers and they have established their own procedures, so if we want their money, we will provide them with the documentation they demand, and that documentation is simplest when EVERYTHING on the system has ALL the latest patches.
The most secure systems are those that don’t do anything at all. You can’t hack a brick.
Hey, like I said, great info for me to learn because I don’t know. I was only saying that I don’t mind because my situation is fine with it. Thanks for the info, it’s interesting. I’m sure for any situation there’s a better and worse solution and I’m sure that for any solution, there’s a situation that either likes or dislikes the approach.