[c-nsp] Prepare for router Wednesday

Frank Bulk - iNAME frnkblk at iname.com
Tue Mar 11 22:43:30 EDT 2008 

By not making the update available until the 6 month mark has been met,
service providers are not able to choose their own update cycle.  Rather, by
restricting the updates to every 6 months, Cisco has reduced the update
cycle to, at most, once every 6 months.  So this reduces flexibility for the
customer, but benefits Cisco by reducing the number of test cycles and
updates they need to post, i.e. cost savings for them.

Frank

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jared Mauch
Sent: Tuesday, March 11, 2008 9:32 AM
To: Jason Gurtz
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Prepare for router Wednesday

On Tue, Mar 11, 2008 at 09:57:11AM -0400, Jason Gurtz wrote:
> > So we need to wait 6 months for security patches if an exploit which
> > may affect us is discovered on the fourth Thursday of September?
> > That's crazy! Let Enterprise customers wait if they want, I want my
> > security patches ASAP so we can test them for a few days then deploy
> > network wide. Does anyone else think this is not a rational change?
>
> Monthly has seemed to be a reasonable trade-off between attack window and
> manageability.  6 months seems like...yo wtf is in charge there that made
> this heinous decision?

        Actually, I know who did this and they're on the list
last I knew, so there is a chance for your feedback to be read.

        I think it's a challenge coming with any system that is
perfect.  The issue here is balance.  This strikes a balance in
favor of expecting a level of uptime from your ISPs.  If they
were rebooting once a month you might not be very happy.

        Oh well, you can't win them all.  I think this will be
good overall.

        - Jared

--
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list