WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Yum repo for XCP (ex: XCP acpi shutdown)

To: "Fajar A. Nugraha" <list@xxxxxxxxx>
Subject: Re: [Xen-users] Yum repo for XCP (ex: XCP acpi shutdown)
From: Grant McWilliams <grantmasterflash@xxxxxxxxx>
Date: Wed, 26 Oct 2011 09:57:14 -0700
Cc: Xen User-List <xen-users@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Wed, 26 Oct 2011 10:00:40 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=TW3KJnNnjGEJShDI+eEj27OSwJti0NvgOiR+I1GLTrU=; b=TbnBgHa5rIugKX9SefhZmR2wToD/jBQpNo1rwbbIYkUO0PH1/mD2ZuvlvlpGak/AQi 6pGtZE0W1gVtP6+g7qv+O/JUa5zEd81MvKrEd8nYjqU+mV9YETW7FwvP8gtug7lG8HKI ++GVfFs1HREQDLEVy7VZVOwAKA6fuCcPrwdwk=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CAG1y0sdwyeBbgKJk6n6N6zfu_bFbF8Uj2h7NY_+1RtFab_oFLg@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <CAK5Eu=uRLu17+FTBZdqSUgbKUo4p1QHj1YFBWhy0f5F7Xb_9sg@xxxxxxxxxxxxxx> <602C5EB92F9AFB4D89D11B9F5B7F1355160FF2F3@xxxxxxxxxxxxxxxxxxxxxxxxx> <CAK5Eu=uH8xG52nRJVO7MaBH9sjzzMRNNQVX0Wc4bCHORj9BqPQ@xxxxxxxxxxxxxx> <4EA6CB8B.2020709@xxxxxxxxx> <CAGnmK4ybB8tbyyyhxXZ6dvBmGpVbQvCZ4KTHhJbMSU9i+JuAMQ@xxxxxxxxxxxxxx> <CAG1y0sdwyeBbgKJk6n6N6zfu_bFbF8Uj2h7NY_+1RtFab_oFLg@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx

On Tue, Oct 25, 2011 at 10:38 PM, Fajar A. Nugraha <list@xxxxxxxxx> wrote:
On Wed, Oct 26, 2011 at 12:33 PM, Grant McWilliams
<grantmasterflash@xxxxxxxxx> wrote:
> On Tue, Oct 25, 2011 at 7:45 AM, George Shuklin <george.shuklin@xxxxxxxxx>
> wrote:
>>
>> NEVER upgrade XCP by CentOS packages.

> Why aren't those packages masked in the repo configs like the kernel is?

Probably because the repos are disabled in the first place.

They're disabled because Citrix doesn't want to support XCP. They provide updates to Xenserver. 

>
> Having a server OS with no upgrade path is a very bad idea. Zero day
> exploit? How about zero month or zero year exploit? I'd like to hope that
> this gets changed at some point.

How would you "upgrade" (for example) XenServer? Or a vmware vsphere
node? IMHO the same methods and policy should also apply to xcp.


The exact same way you'd upgrade ANY other server on the planet. And yes those same methods should be applied to XCP.  You can currently upgrade but you have to pull all your nodes down, put in a CD (my nodes don't even have optical disks, why would they?) and upgrade via a CD. That means the only time you get any security updates is once every 6 months or a year and only when you can physically access the nodes.
 
--
Fajar


Grant McWilliams
http://grantmcwilliams.com/

Some people, when confronted with a problem, think "I know, I'll use Windows."
Now they have two problems.

 

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users