12 Aug
2022
12 Aug
'22
11:34 a.m.
The work of managing your own distro even for a device like a media server
or handheld gameplayer around the turn of the century was a huge task
that's broken more than one admin but almost manageable as long as you
didn't have to do the custom apps too but that was long before the
opensource eco-system puddle swole up into an ocean. Think you'd need a
team of at least 4-6 to do it now. Freezing a version forever is not even
an option today, waiting until it's hacked aka letting your users find the
bugs never was.
On Thu, Aug 11, 2022 at 4:09 PM Rick Moen <rick(a)linuxmafia.com> wrote:
Quoting Brian E. Lavender (brian(a)brie.com):
There are probably a boat load of known
vulnerabilities in F13.
The only way running Internet-exposed Fedora 13, even for a minimal host
that's just barely enough of an OS build to support a hypervisor, in
2022, would involve the local sysadmin _completely_ having assumed and
diligently carried out, without fail, all security maintenance
_manually_ for all eleven years, since 2011-06-24, when Security Team
coverage of F13 ceased permanently.
That would mean diligently reading all CVEs for all local components
exposed to public traffic -- including the Linux kernel (especially its
network stack), all public-facing services, and all of their libs and
support utilities -- doing, as appropriate, paring of
code/functionality, upgrading, mitigating, applying needed source
patches, etc.
That could be done, by a sufficiently determined and well-prepared
sysadmin who wishes to hand-maintain a very minimal system for
locally-compelling reasons. Gary, _did_ you do all that?
If you didn't, Gary, that's likely a key part of your problem. And
dismissing the problem of need to plug proven security holes with "the
upgrade treadmill is that it is a waste of time" is a reminder that
denial isn't a river in Egypt.
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com