xen-users
Re: [Xen-users] Yum repo for XCP (ex: XCP acpi shutdown)
Citrix provides updates for XenServer, but not for XCP.
But in any case, exposing the management interface to an unprotected
network is a bad idea. If you have no management interface available
from the internet, you have very few components vulnerable to remote
attack: kernel, openvswitch... that's all.
The idea behind XCP is a well-protected internal network with the
management interface, unencrypted storage traffic, migration traffic,
XCP's own synchronization traffic, and a separate (by VLAN or by
different physical interface) network for clients with internet access.
On 26.10.2011 09:33, Grant McWilliams wrote:
On Tue, Oct 25, 2011 at 7:45 AM, George Shuklin <george.shuklin@xxxxxxxxx> wrote:
NEVER upgrade XCP with CentOS packages.
You will break it beyond repair. The reason is simple: XCP is
shipped with patched packages, and replacing them with
non-patched ones will cause grave damage. And worst of all, the
damage is not instant - you will continue to operate, but find
'something went wrong' later.
The most important is the lvm2 package, which is patched to
allow shared storage usage (--master option). Default LVM2
will trash metadata on LVM SR (LVM and LVMoISCSI SM) at some
moment.
Another (I'm not sure) is the udev package, and maybe a few more.
Why aren't those packages masked in the repo configs like the
kernel is?
Having a server OS with no upgrade path is a very bad idea.
Zero day exploit? How about zero month or zero year exploit?
I'd like to hope that this gets changed at some point.
Grant McWilliams
http://grantmcwilliams.com/
Some people, when confronted with a problem, think "I know,
I'll use Windows."
Now they have two problems.
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users