[arch-general] "Automatic" upgrade

Rodrigo Rivas rodrigorivascosta at gmail.com
Tue Feb 11 13:00:41 EST 2014

On Tue, Feb 11, 2014 at 5:19 PM, David Rosenstrauch <darose at darose.net>wrote:

> On 02/11/2014 07:17 AM, Ismael Bouya wrote:
>> That's not an option. The network on which the machine is is willingly
>> inaccessible from outside: The sysadmin there has the principle that "a
>> machine that works shouldn't be upgraded, because then it can
>> break"
> Then your sysadmin is incompetent, since he is completely ignorant of the
> concept of "security upgrades".
> DR
While I agree on disagreeing with this sysadmin, I think that their point
of view is not properly represented. I've know that position before:

1. Upgrades sometimes go wrong.
2. Upgrades that go fine sometimes have unexpected behavior.
3. My machine is not connected to the Internet, so it's not exposed to

The sysadmin conclusion is therefore:

1. What do I gain upgrading? Nothing.
2. What do I lose upgrading? Maybe something goes wrong.

My guess here is that this "secure" network is full of non-upgraded
(Windows?) machines, and security is attained exclusively by network

So my advice to the OP is to play safe and not to program any kind of
inbound tunnel. That could end in disaster and you would be responsible!
Just limit the access to your mole's handmade tunned, or play by the rules
and not upgrade (ug!).

Just my €0.02.

More information about the arch-general mailing list